From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Subject: [PATCH 8 of 8] Tools: After a helper maps a ring,
 yank it from the guest physmap
Date: Thu, 08 Mar 2012 10:03:03 -0500
Message-ID: <5af3fc56b3138aa3ed6c.1331218983@xdev.gridcentric.ca>
References: <patchbomb.1331218975@xdev.gridcentric.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <patchbomb.1331218975@xdev.gridcentric.ca>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xensource.com
Cc: olaf@aepfle.de, ian.campbell@citrix.com, andres@gridcentric.ca, tim@xen.org, keir.xen@gmail.com, ian.jackson@citrix.com, adin@gridcentric.ca
List-Id: xen-devel@lists.xenproject.org

 tools/tests/xen-access/xen-access.c |  5 +++++
 tools/xenpaging/xenpaging.c         |  5 +++++
 2 files changed, 10 insertions(+), 0 deletions(-)


This limits the ability of the guest to play around with its own rings, and DoS
itself.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>

diff -r 2eb149248f28 -r 5af3fc56b313 tools/tests/xen-access/xen-access.c
--- a/tools/tests/xen-access/xen-access.c
+++ b/tools/tests/xen-access/xen-access.c
@@ -269,6 +269,11 @@ xenaccess_t *xenaccess_init(xc_interface
                    (mem_event_sring_t *)xenaccess->mem_event.ring_page,
                    PAGE_SIZE);
 
+    /* Now that the ring is set, remove it from the guest's physmap */
+    if ( xc_domain_decrease_reservation_exact(xch, 
+                    xenaccess->mem_event.domain_id, 1, 0, &ring_pfn) )
+        PERROR("Failed to remove ring from guest physmap");
+
     /* Get platform info */
     xenaccess->platform_info = malloc(sizeof(xc_platform_info_t));
     if ( xenaccess->platform_info == NULL )
diff -r 2eb149248f28 -r 5af3fc56b313 tools/xenpaging/xenpaging.c
--- a/tools/xenpaging/xenpaging.c
+++ b/tools/xenpaging/xenpaging.c
@@ -416,6 +416,11 @@ static struct xenpaging *xenpaging_init(
                    (mem_event_sring_t *)paging->mem_event.ring_page,
                    PAGE_SIZE);
 
+    /* Now that the ring is set, remove it from the guest's physmap */
+    if ( xc_domain_decrease_reservation_exact(xch, 
+                    paging->mem_event.domain_id, 1, 0, &ring_pfn) )
+        PERROR("Failed to remove ring from guest physmap");
+
     /* Get max_pages from guest if not provided via cmdline */
     if ( !paging->max_pages )
     {