| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jun 2016 12:20:32 +0000 From: Paul Durrant <Paul.Durrant@...rix.com> To: Julien Grall <julien.grall@....com>, David Vrabel <david.vrabel@...rix.com>, "boris.ostrovsky@...cle.com" <boris.ostrovsky@...cle.com>, "jgross@...e.com" <jgross@...e.com>, "sstabellini@...nel.org" <sstabellini@...nel.org>, "konrad.wilk@...cle.com" <konrad.wilk@...cle.com> CC: Andrew Cooper <Andrew.Cooper3@...rix.com>, "steve.capper@....com" <steve.capper@....com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "JBeulich@...e.com" <JBeulich@...e.com>, "xen-devel@...ts.xen.org" <xen-devel@...ts.xen.org> Subject: RE: [Xen-devel] [PATCH] xen: grant-table: Check truncation when giving access to a frame > -----Original Message----- > From: Xen-devel [mailto:xen-devel-bounces@...ts.xen.org] On Behalf Of > Julien Grall > Sent: 13 June 2016 12:10 > To: David Vrabel; boris.ostrovsky@...cle.com; jgross@...e.com; > sstabellini@...nel.org; konrad.wilk@...cle.com > Cc: Andrew Cooper; steve.capper@....com; linux-kernel@...r.kernel.org; > JBeulich@...e.com; xen-devel@...ts.xen.org > Subject: Re: [Xen-devel] [PATCH] xen: grant-table: Check truncation when > giving access to a frame > > Hi David, > > On 13/06/16 11:57, David Vrabel wrote: > > On 13/06/16 11:50, Julien Grall wrote: > >> The version 1 of the grant-table protocol only supports frame encoded on > >> 32-bit. > >> > >> When the platform is supporting 48-bit physical address, the frame will > >> be encoded on 36-bit which will lead a truncation and give access to > >> the wrong frame. > >> > >> On ARM Xen will always allow the guest to use all the physical address, > >> although today the RAM is always located under 40-bits (see > >> xen/include/public/arch-arm.h). > >> > >> Add a truncation check in gnttab_update_entry_v1 to prevent the guest > to > >> give access to the wrong frame. > > > > In hindsight, we shouldn't have dropped the V2 support from Linux. > > Should we reinstate it? > > What were the reasons to drop the v2 support from Linux? More > importantly why people did choose to stay on v1? > One of the main reasons for v2's existence was to support a version of the netif protocol that pushed guest receive-side copy into the guest itself. This was done by granting pages from dom0, or from other guests, to the guest performing the copy. To do this securely a couple of things were needed: - The ability to have (copy only) sub-page grants. - The ability to transitively grant a ref from one domain to another. Unfortunately the idea did not scale as it became bottle-necked on dom0's grant table size, and there were some nasty corner cases to work around (which is why we also have a swap-grant-ref hypercall). In the end, guest copy was dropped and then there was really no need to use grant table v2. Using version 1 is simpler, and gives you more grant entries per page of table, so everyone stuck with that. Paul > Cheers, > > -- > Julien Grall > > _______________________________________________ > Xen-devel mailing list > Xen-devel@...ts.xen.org > http://lists.xen.org/xen-devel
Powered by blists - more mailing lists