On 07/01/2020 15:21, Jan Beulich wrote:
> On 06.01.2020 16:54, Andrew Cooper wrote:
>> c/s ec92fcd1d08, which caused the trampoline GDT Access bits to be set,
>> removed the final writes which occurred between enabling paging and switching
>> to the high mappings. There don't plausibly need to be any memory writes in
>> the few instructions it takes to perform this transition.
>>
>> As a consequence, we can remove the RWX mapping of the trampoline. It is RX
>> via its identity mapping below 1M, and RW via the directmap.
>>
>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> Reviewed-by: Jan Beulich <jbeul...@suse.com>
>
>> This probably wants backporting, alongside ec92fcd1d08 if it hasn't yet.
> This is just cleanup, largely cosmetic in nature. It could be argued
> that once the directmap has disappeared this can serve as additional
> proof that the trampoline range has no (intended) writable mappings
> anymore, but prior to that point I don't see much further benefit.
> Could you expand on the reasons why you see both as backporting
> candidates?
Defence in depth. An RWX mapping is very attractive for an attacker who's
broken into Xen and is looking to expand the damage they can do.

~Andrew