On Tue, May 02, 2017 at 07:05:22PM +0100, Andrew Cooper wrote:
> As originally reported, the Linear Pagetable slot maps 512GB of ram as RWX,
> where the guest has full read access and a lot of direct or indirect control
> over the written content. It isn't hard for a PV guest to hide shellcode
> here.
>
> Therefore, increase defence in depth by auditing our current pagetable
> mappings.
>
> * The regular linear, shadow linear, and per-domain slots have no business
>   being executable (but need to be written), so are updated to be NX.
> * The Read Only mappings of the M2P (compat and regular) don't need to be
>   writeable or executable.
> * The PV GDT mappings don't need to be executable.
>
> Reported-by: Jann Horn <ja...@google.com>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>

Reviewed-by: Wei Liu <wei.l...@citrix.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
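The kind of audit the commit message describes, as an added example that is not part of the patch or of Xen's code: a walk over a modelled x86-64 pagetable that counts leaves which are effectively writable and executable. The `struct pt` model, the function names and the slot indices are assumptions constructed for illustration; only the flag bit positions are architectural.

```c
#include <stdint.h>
#include <stdio.h>
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_PSE     (1ULL << 7)    /* superpage: entry is a leaf */
#define PTE_NX      (1ULL << 63)
#define NENT        512

/* Hypothetical model: flag bits plus a pointer standing in for the next table. */
struct pt { uint64_t flags[NENT]; const struct pt *next[NENT]; };

/* x86-64 combines permissions down the walk: a leaf is writable only if RW
 * is set at every level, and non-executable if NX is set at any level. */
static unsigned walk(const struct pt *t, int level, int rw, int nx)
{
    unsigned bad = 0;
    for (int i = 0; i < NENT; i++) {
        uint64_t f = t->flags[i];
        if (!(f & PTE_PRESENT)) continue;
        int w = rw && (f & PTE_RW);
        int x_off = nx || (f & PTE_NX);
        if (level == 1 || (f & PTE_PSE) || !t->next[i])
            bad += (w && !x_off);          /* leaf: flag W+X */
        else
            bad += walk(t->next[i], level - 1, w, x_off);
    }
    return bad;
}

/* Number of effectively writable and executable leaves under an L4 table. */
unsigned audit_wx(const struct pt *l4) { return walk(l4, 4, 1, 0); }

/* Constructed sample: three L4 slots sharing one L3 with a single RW 1GB leaf. */
struct pt *build_sample(void)
{
    static struct pt l4, l3;
    l3.flags[0] = PTE_PRESENT | PTE_RW | PTE_PSE;
    l4.flags[1] = PTE_PRESENT | PTE_RW;           /* RWX slot: flagged */
    l4.flags[2] = PTE_PRESENT | PTE_RW | PTE_NX;  /* RW, NX inherited by leaf */
    l4.flags[3] = PTE_PRESENT;                    /* read-only, executable */
    l4.next[1] = l4.next[2] = l4.next[3] = &l3;
    return &l4;
}

int main(void)
{
    struct pt *l4 = build_sample();
    unsigned before = audit_wx(l4);
    l4->flags[1] |= PTE_NX;                       /* NX set at the slot level */
    printf("W+X leaves: %u before, %u after NX\n", before, audit_wx(l4));
}
```

Because NX at any level applies to everything beneath it, setting it on the top-level slot entry is enough to clear the finding for the whole 512GB range that slot maps.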