Hi list, I was hoping some people "in the know" about how the hypervisor works etc could take a look at the thread below and hopefully offer some advice. http://forums.grsecurity.net/viewtopic.php?f=1&t=2063&p=8759#p8745 The PaX developers are trying to get their patch to work on a 2.6.28 paravirt_ops kernel. They already have PaX working with a 2.6.27 paravirt_ops kernel, but a recent change to the PaX patch, specifically to map up to 4GB initially in the identity map is causing the kernel to panic when booted under xen. Any help on the matter would be greatly appreciated by all. Cheers, Brad _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Hi list, I was hoping some people "in the know" about how the hypervisor works etc could take a look at the thread below and hopefully offer some advice. http://forums.grsecurity.net/viewtopic.php?f=1&t=2063&p=8759#p8745 The PaX developers are trying to get their patch to work on a 2.6.28 paravirt_ops kernel. They already have PaX working with a 2.6.27 paravirt_ops kernel, but a recent change to the PaX patch, specifically to map up to 4GB initially in the identity map is causing the kernel to panic when booted under xen. Any help on the matter would be greatly appreciated by all. Cheers, Brad _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Brad Plant wrote:> Hi list, > > I was hoping some people "in the know" about how the hypervisor works etc could take a look at the thread below and hopefully offer some advice. > > http://forums.grsecurity.net/viewtopic.php?f=1&t=2063&p=8759#p8745 > > The PaX developers are trying to get their patch to work on a 2.6.28 paravirt_ops kernel. They already have PaX working with a 2.6.27 paravirt_ops kernel, but a recent change to the PaX patch, specifically to map up to 4GB initially in the identity map is causing the kernel to panic when booted under xen. > > Any help on the matter would be greatly appreciated by all. >Looks like what they''re trying to do is pretty redundant; Xen is pretty good at protecting the kernel''s pagetables for it. From just looking at that piece of thread, I''m guessing they''re creating writeable aliases of the pagetable pages, which Xen won''t allow. Yeah, this one: |(XEN) mm.c:794:d35 Attempt to create linear p.t. with write perms | J _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel