Consider getting rid of u2mfn module and use /proc/PID/pagemap #1654

Closed
marmarek opened this Issue Jan 17, 2016 · 3 comments


marmarek commented Jan 17, 2016

Starting with 2.6.25, the Linux kernel does provide an interface to get an MFN out of a process virtual address, which means we could replace our custom u2mfn with that. While the change is theoretically small, it would mean we could use a stock kernel, without any custom modules in the VM.


marmarek Mar 11, 2016

Member

> any idea what config options pagemap is tied to? I can't see it.

Looks like CONFIG_PROC_PAGE_MONITOR.

> I also imagine it's somewhat harmful to ASLR,

Process owner can't access it - it requires CAP_SYS_ADMIN. From the above documentation:

> Since Linux 4.0 only users with the CAP_SYS_ADMIN capability can get PFNs.
> In 4.0 and 4.1 opens by unprivileged fail with -EPERM. Starting from
> 4.2 the PFN field is zeroed if the user does not have CAP_SYS_ADMIN.
> Reason: information about PFNs helps in exploiting Rowhammer vulnerability.

Anyway, it looks like /proc/$pid/pagemap doesn't contain enough information to really replace u2mfn. It gives PFNs (guest-specific pseudo-physical frame number), but we need MFNs (machine physical frame number).
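As an added illustration (not code from this issue or from the Qubes project), the program below reads the /proc/self/pagemap entry for one of its own pages and decodes it according to the layout in Documentation/vm/pagemap.txt. The decoder treats a present page whose PFN field reads back as zero as the unprivileged case from the quoted documentation (Linux 4.2 and later), and an EPERM from open() as the 4.0/4.1 behaviour; the `pagemap_info` struct and function names are assumptions of this example. Note that the value it recovers is the guest PFN the comment above mentions, not an MFN.

```c
#define _POSIX_C_SOURCE 200809L /* for pread() */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* 64-bit /proc/PID/pagemap entry: bits 0-54 PFN if present, 62 swapped, 63 present. */
#define PAGEMAP_PFN_MASK ((1ULL << 55) - 1)
#define PAGEMAP_SWAPPED  (1ULL << 62)
#define PAGEMAP_PRESENT  (1ULL << 63)
struct pagemap_info {
    int present, swapped;
    uint64_t pfn;   /* guest (pseudo-physical) frame number, not an MFN */
    int pfn_hidden; /* present but PFN zeroed: no CAP_SYS_ADMIN (Linux >= 4.2) */
};
/* Decode a raw entry; pure, so it can be checked without touching /proc. */
struct pagemap_info pagemap_decode(uint64_t entry) {
    struct pagemap_info info = {0, 0, 0, 0};
    info.present = (entry & PAGEMAP_PRESENT) != 0;
    info.swapped = (entry & PAGEMAP_SWAPPED) != 0;
    if (info.present && !info.swapped) {
        info.pfn = entry & PAGEMAP_PFN_MASK;
        info.pfn_hidden = (info.pfn == 0); /* frame 0 never backs a user page */
    }
    return info;
}
/* Read the entry for one virtual address of this process; 0 on success, else -1
 * with errno set (EPERM on 4.0/4.1 when opened without CAP_SYS_ADMIN). */
int pagemap_read_self(uintptr_t vaddr, uint64_t *entry) {
    long page_size = sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    off_t off = (off_t)(vaddr / (uintptr_t)page_size) * (off_t)sizeof(*entry);
    ssize_t n = pread(fd, entry, sizeof(*entry), off);
    int saved = errno;
    close(fd);
    if (n == (ssize_t)sizeof(*entry)) return 0;
    errno = (n < 0) ? saved : EIO;
    return -1;
}

int main(void) {
    volatile int probe = 1; /* written so its page is resident */
    uint64_t entry;
    if (pagemap_read_self((uintptr_t)&probe, &entry) != 0) { perror("pagemap"); return 1; }
    struct pagemap_info i = pagemap_decode(entry);
    printf("present=%d pfn=0x%llx pfn_hidden=%d\n", i.present, (unsigned long long)i.pfn, i.pfn_hidden);
    return 0;
}
```

Run it as an unprivileged user on a 4.2+ kernel and `pfn_hidden=1` is the expected result; only a CAP_SYS_ADMIN reader sees a non-zero frame number.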

