Jan Beulich
2009-Aug-28 08:18 UTC
[Xen-devel] [PATCH] ept: remove execute permission for granted pages' P2M entries
When backporting c/s 20026 I noticed that granted pages get execute
permission, which doesn't seem desirable (and has been avoided for PV
guests for quite a while).
Even for p2m_mmio_direct it seems suspicious to allow execution, but me
being less certain here I left it as is for the time being.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
--- 2009-08-18.orig/xen/arch/x86/mm/hap/p2m-ept.c 2009-08-07 09:20:56.000000000
+0200
+++ 2009-08-18/xen/arch/x86/mm/hap/p2m-ept.c 2009-08-24 10:19:52.000000000 +0200
@@ -40,15 +40,21 @@ static void ept_p2m_type_to_flags(ept_en
return;
case p2m_ram_rw:
case p2m_mmio_direct:
- case p2m_grant_map_rw:
entry->r = entry->w = entry->x = 1;
return;
case p2m_ram_logdirty:
case p2m_ram_ro:
- case p2m_grant_map_ro:
entry->r = entry->x = 1;
entry->w = 0;
return;
+ case p2m_grant_map_rw:
+ entry->r = entry->w = 1;
+ entry->x = 0;
+ return;
+ case p2m_grant_map_ro:
+ entry->r = 1;
+ entry->w = entry->x = 0;
+ return;
}
}
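Review bot: the new p2m_grant_map_rw and p2m_grant_map_ro cases clear entry->x without a comment saying why grant mappings now differ from p2m_ram_rw and p2m_ram_ro. A one-line comment above the two new cases, stating that granted pages are mapped without execute permission on purpose, would keep a later cleanup from folding them back into the RAM cases. Separately, p2m_mmio_direct still shares the entry->r = entry->w = entry->x = 1 arm with p2m_ram_rw; since the description calls that suspicious, a short comment on that case marking it as a known open question would record the intent in the code rather than only in the changelog.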