From: Tamas K Lengyel <tamas.k.lengyel@gmail.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "wei.liu2@citrix.com" <wei.liu2@citrix.com>,
Cristian-Bogdan Sirb <csirb@bitdefender.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Razvan Cojocaru <rcojocaru@bitdefender.com>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH] Libxc: fix xc_translate_foreign_address()
Date: Tue, 4 Apr 2017 09:39:38 -0600 [thread overview]
Message-ID: <CABfawhkMmM4zg_8n0yoPfH0htOGY5OhthP3Rf+bmThsBB0WT1Q@mail.gmail.com> (raw)
In-Reply-To: <45ad0664-1405-7355-08dd-c16c2b5fa127@citrix.com>
[-- Attachment #1.1: Type: text/plain, Size: 2022 bytes --]
On Tue, Apr 4, 2017 at 9:11 AM, Andrew Cooper <andrew.cooper3@citrix.com>
wrote:
> On 04/04/17 13:14, Razvan Cojocaru wrote:
> > Currently xc_translate_foreign_address only checks for PSE bit only on
> > level 2 entries (that's 2 MB pages on x64 and 32-bit with PAE, and 4 MB
> > pages on 32-bit). But linux kernel sometimes uses 1 GB pages. This patch
> > fixes that, and checks the PSE bit on level 3 entries if the guest has 4
> > translation levels (that means 64-bit guests only).
> >
> > Signed-off-by: Cristian-Bogdan Sirb <csirb@bitdefender.com>
>
> This function is in a rather tragic state. Lucky it isn't used by code
> covered by Xen's security statement.
>
> This patch reintroduces XSA-176, and the existing code doesn't work for
> 4M superpages, or guests using PSE36. (I might be acutely aware of
> pagetable issues, following c/s
> 4c5d78a10dc89). Furthermore, the map/unmap overhead must be a large
> overhead.
>
Indeed it is, that's why in LibVMI there is actually a cache implemented
for mapped pages so we throw them away only after they have been idle for a
while.
>
> How often is this used by introspection? To properly walk the
> pagetables, you need access to the CPUID information (as well as the
> control register state), and that isn't yet available to the toolstack
> in Xen.
>
Control register state is certainly available.
>
> I'm wondering whether it might be better to have a way of asking Xen to
> perform a virtual to linear translation in the context of a specific
> vcpu. My gut feeling is that it might be quicker than running this
> logic, and is definitely more simple than trying to fix this code not to
> have vulnerabilities in it.
I don't think it would be necessary. IMHO doing this in Xen wouldn't really
net us much performance-wise. Furthermore, there are certain PTE bits that
are OS specific and Xen wouldn't necessary have the required information to
do the translation properly (ie. present bit unset but transition bits used
for Windows guests).
Tamas
[-- Attachment #1.2: Type: text/html, Size: 2896 bytes --]
[-- Attachment #2: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-04-04 15:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-04 12:14 [PATCH] Libxc: fix xc_translate_foreign_address() Razvan Cojocaru
2017-04-04 15:11 ` Andrew Cooper
2017-04-04 15:17 ` Razvan Cojocaru
2017-04-04 15:39 ` Tamas K Lengyel [this message]
2017-04-04 15:58 ` Andrew Cooper
2017-04-04 16:08 ` Tamas K Lengyel
2017-04-04 16:45 ` Razvan Cojocaru
2017-04-04 17:04 ` Andrew Cooper
2017-04-05 11:58 ` Razvan Cojocaru
2017-04-05 12:57 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CABfawhkMmM4zg_8n0yoPfH0htOGY5OhthP3Rf+bmThsBB0WT1Q@mail.gmail.com \
--to=tamas.k.lengyel@gmail.com \
--cc=andrew.cooper3@citrix.com \
--cc=csirb@bitdefender.com \
--cc=ian.jackson@eu.citrix.com \
--cc=rcojocaru@bitdefender.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).