From: Andrii Tseglytskyi <andrii.tseglytskyi@globallogic.com>
To: Julien Grall <julien.grall@linaro.org>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Campbell <Ian.Campbell@citrix.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH v02 6/7] arm: introduce do_translate_pagetable hypercall
Date: Tue, 22 Jul 2014 19:48:54 +0300
Message-ID: <CAH_mUMP81wRz36n=zGA+89SA0xTkSfc-EX24mfTsiLXhUPmYfQ@mail.gmail.com>
In-Reply-To: <53CE950B.5060606@linaro.org>
Hi Julien,
On Tue, Jul 22, 2014 at 7:44 PM, Julien Grall <julien.grall@linaro.org> wrote:
> On 07/22/2014 05:39 PM, Andrii Tseglytskyi wrote:
>> Hi Julien,
>
> Hi Andrii,
>
>> On Fri, Jul 4, 2014 at 5:35 PM, Julien Grall <julien.grall@linaro.org> wrote:
>>> Hi Andrii,
>>>
>>>
>>> On 26/06/14 12:07, Andrii Tseglytskyi wrote:
>>>>
>>>> +long do_translate_pagetable(int cmd,
>>>> XEN_GUEST_HANDLE_PARAM(xen_pagetable_addr_t) pgt_addr)
>>>> +{
>>>> + struct xen_pagetable_addr pgt;
>>>> + struct mmu_info *mmu = NULL;
>>>> +
>>>> + if ( copy_from_guest(&pgt, pgt_addr, 1) )
>>>> + return -EFAULT;
>>>> +
>>>> + mmu = mmu_lookup(pgt.reg);
>>>> + if ( !mmu )
>>>> + {
>>>> + pr_mmu("can't get mmu for addr 0x%08x", pgt.reg);
>>>> + return -EINVAL;
>>>> + }
>>>> +
>>>> + pgt.maddr = mmu_translate_pagetable(mmu, pgt.paddr);
>>>> +
>>>> + return copy_to_guest(pgt_addr, &pgt, 1);
>>>> +}
>>>> +
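Review bot: do_translate_pagetable acts on the guest-supplied pgt.reg and pgt.paddr with no check that the calling domain is permitted to use that MMU; add a permission check between copy_from_guest and mmu_lookup and fail the call when the domain is not allowed. The cmd argument is never read in this function, so either validate it or drop it. The last statement returns the result of copy_to_guest directly, while the copy_from_guest failure above is mapped to -EFAULT; handle both the same way, and check the value returned by mmu_translate_pagetable before writing pgt.maddr back to the guest.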
>>>
>>>
>>> AFAIU, nothing prevents a malicious guest from calling this hypercall and
>>> screwing the pagetable of the MMU.
>>
>> Right. Do you think that some kind of security checks are needed here?
>
> You need at least to check that the domain is allowed to access the
> remote processor.
>
> It may be implemented via the solution we were talking about on patch #1.
>
Agree.
> Regards,
>
> --
> Julien Grall
--
Andrii Tseglytskyi | Embedded Dev
GlobalLogic
www.globallogic.com