Hi Ian, On 12/03/15 15:27, Ian Campbell wrote: >> Currently, check_type_get_page emulate only the check for 2). So you may >> end up to allow Xen writing in read-only mapping (from the Stage 1 POV). >> This was XSA-98. > > XSA-98 was purely about stage-2 permissions (e.g. read-only grants). The > fact that the resulting patch also checks stage-1 permissions is not a > security property AFAICT.
XSA-98 was for both... Without checking stage-1 permission a userspace which can issue an hypercall may be able to write into read-only kernel space. Whoops. Though it doesn't every possibility... Regards, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
