All of lore.kernel.org
 help / color / mirror / Atom feed
* PATCH: Allow domains to share instruction pages with each other
@ 2009-01-10  1:08 Michael Abd-El-Malek
  2009-01-10  9:22 ` Keir Fraser
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Abd-El-Malek @ 2009-01-10  1:08 UTC (permalink / raw)
  To: xen-devel

Allow domains to share instruction pages with each other.

Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages  
shared between domains.  That broke my ability to execute a binary  
whose pages are mapped from another domain.

My fix: I removed the NX page flag.  I don't see a security problem  
with this: if domain A maps a page from domain B, it somehow trusts  
it, and can do any additional checks after the page is mapped.  But  
absolutely disallowing execution of instructions from a mapped page  
seems a little too strict.


diff -r 7a87b3dffa69 -r 43693d552e09 xen/include/asm-x86/page.h
--- a/xen/include/asm-x86/page.h	Sun Dec 28 02:37:15 2008 -0500
+++ b/xen/include/asm-x86/page.h	Wed Jan 07 23:35:18 2009 -0500
@@ -317,7 +317,7 @@
    (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_PCD |  
_PAGE_ACCESSED)

#define GRANT_PTE_FLAGS \
-    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_NX |  
_PAGE_GNTTAB)
+    (_PAGE_PRESENT | _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_GNTTAB)

#ifndef __ASSEMBLY__

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: PATCH: Allow domains to share instruction pages with each other
  2009-01-10  1:08 PATCH: Allow domains to share instruction pages with each other Michael Abd-El-Malek
@ 2009-01-10  9:22 ` Keir Fraser
  0 siblings, 0 replies; 2+ messages in thread
From: Keir Fraser @ 2009-01-10  9:22 UTC (permalink / raw)
  To: Michael Abd-El-Malek, xen-devel

On 10/01/2009 01:08, "Michael Abd-El-Malek" <mabdelm@ece.cmu.edu> wrote:

> Allow domains to share instruction pages with each other.
> 
> Xen changeset 4ec25db9326a (Nov 3, 2008) set the NX page bit on pages
> shared between domains.  That broke my ability to execute a binary
> whose pages are mapped from another domain.
> 
> My fix: I removed the NX page flag.  I don't see a security problem
> with this: if domain A maps a page from domain B, it somehow trusts
> it, and can do any additional checks after the page is mapped.  But
> absolutely disallowing execution of instructions from a mapped page
> seems a little too strict.

I think NX as default is pretty sensible. If you want to be able to make
executable shared mappings via grants, how about we add a flag
GNTMAP_executable to gnttab_map_grant_ref? You can use that in
create_grant_host_mapping() to zap _PAGE_NX.

If that works for you, feel free to make a patch.

 -- Keir

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-01-10  9:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-01-10  1:08 PATCH: Allow domains to share instruction pages with each other Michael Abd-El-Malek
2009-01-10  9:22 ` Keir Fraser

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.