Re: [PATCH v6 04/12] Add memory slot versioning and use it to provide fast guest write interface

From: Avi Kivity
Date: Thu Oct 07 2010 - 06:01:26 EST


On 10/06/2010 10:08 PM, Gleb Natapov wrote:
> Malicious userspace can cause entry to be cached, ioctl
> SET_USER_MEMORY_REGION 2^32 times, generation number will match,
> mark_page_dirty_in_slot will be called with pointer to freed memory.
>
> Hmm. To zap all cached entries on overflow we need to track them. If we
> will track then we can zap them on each slot update and drop "generation"
> entirely.

To track them you need locking.

Isn't SET_USER_MEMORY_REGION so slow that calling it 2^32 times isn't really feasible?

In any case, can use u64 generation count.

--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
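As an added example, not code from this thread or from KVM, here is a small C model of the generation check being discussed: a cached translation records the memslot generation it was filled under and is trusted only while that generation still matches. It shows why a 32-bit generation accepts a stale entry again after 2^32 slot updates while a 64-bit one does not. The struct and function names and the sample address are invented for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the cached-write path: the entry remembers the
 * generation it was validated against and the host address it resolved to. */
struct gfn_cache {
    uint64_t generation;
    uintptr_t hva;      /* host address derived from the slot at fill time */
};

struct slots {
    uint64_t generation; /* bumped on every SET_USER_MEMORY_REGION */
    uint64_t gen_mask;   /* UINT32_MAX models a u32 counter, UINT64_MAX a u64 */
};

/* Equivalent to n single-step updates of the generation counter, with the
 * wrap-around the counter width would produce. */
static void slots_update_n(struct slots *s, uint64_t n)
{
    s->generation = (s->generation + n) & s->gen_mask;
}

static void cache_fill(struct gfn_cache *c, const struct slots *s, uintptr_t hva)
{
    c->generation = s->generation;
    c->hva = hva;
}

/* The check the cached write relies on before using c->hva. */
static bool cache_is_current(const struct gfn_cache *c, const struct slots *s)
{
    return c->generation == s->generation;
}

/* Fill the cache, apply `updates` slot changes (the first of which, in the
 * real system, frees the memory behind the cached hva), and report whether
 * the stale entry would still pass the generation check. */
static bool stale_entry_accepted(uint64_t gen_mask, uint64_t updates)
{
    struct slots s = { .generation = 0, .gen_mask = gen_mask };
    struct gfn_cache c;
    cache_fill(&c, &s, (uintptr_t)0x1000); /* constructed sample address */
    slots_update_n(&s, updates);
    return cache_is_current(&c, &s);
}

int main(void)
{
    printf("u32, 1 update: %d\n", stale_entry_accepted(UINT32_MAX, 1));
    printf("u32, 2^32 updates: %d\n", stale_entry_accepted(UINT32_MAX, (uint64_t)1 << 32));
    printf("u64, 2^32 updates: %d\n", stale_entry_accepted(UINT64_MAX, (uint64_t)1 << 32));
    return 0;
}
```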
