| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jan 2011 12:44:39 +0000 From: Stefano Stabellini <stefano.stabellini@...citrix.com> To: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> CC: Stefano Stabellini <Stefano.Stabellini@...citrix.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "xen-devel@...ts.xensource.com" <xen-devel@...ts.xensource.com>, Jeremy Fitzhardinge <Jeremy.Fitzhardinge@...rix.com> Subject: Re: [PATCH 05/12] xen: add m2p override mechanism On Mon, 10 Jan 2011, Konrad Rzeszutek Wilk wrote: > > @@ -83,6 +85,14 @@ static inline unsigned long mfn_to_pfn(unsigned long mfn) > > */ > > __get_user(pfn, &machine_to_phys_mapping[mfn]); > > > > + /* > > + * If this appears to be a foreign mfn (because the pfn > > + * doesn't map back to the mfn), then check the local override > > + * table to see if there's a better pfn to use. > > + */ > > + if (get_phys_to_machine(pfn) != mfn) > > Any reason to not use 'pfn_to_mfn' call instead? If we do want > to use the get_hhys_to_machine wouldn't be easier to just > check for 'FOREIGN_FRAME_BIT' set? Or is just mostly a copy-n-paste > of mfn_to_local_pfn? pfn in this case is the return value of m2p(mfn); there are 3 possible cases: 1) the mfn was a regular ram page belonging to the domain so get_phys_to_machine(pfn) == mfn. Nothing to see here. 2) the mfn was a granted page so pfn is actually the pfn in the source domain and doesn't mean anything in our domain. In this case get_phys_to_machine(pfn) is always different from mfn, either because the mapping in our domain is just different or because the FOREIGN_FRAME_BIT is set. 3) the pfn belongs to a 1:1 region. In this case get_phys_to_machine(pfn) != mfn because of the IDENTITY_FRAME_BIT but we don't actually want to look in the m2p_override because we are not going to find anything useful there. Considering all this, I propose this change: if (get_phys_to_machine(pfn) != mfn) into if (pfn_to_mfn(pfn) != mfn) because: - it won't make any differences in case 1); - it will avoid false potives in case 3); - in case 2) if p2m(pfn) => mfn in both the source and the destination domain then we might skip the check in the m2p_override but we don't care because by luck we got the correct value anyway (m2p(mfn) == m2p_override(mfn)). However I understand that it might be subtle and needs a very long comment so a simpler alternative would be to explicitly remove the IDENTITY_FRAME_BIT from the check: if ((get_phys_to_machine(pfn) & ~IDENTITY_FRAME_BIT) != mfn) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists