This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen with grsec?

To: Pasi Kärkkäinen <pasik@xxxxxx>
Subject: Re: [Xen-devel] Xen with grsec?
From: Jacob Gorm Hansen <jacobg@xxxxxxx>
Date: Tue, 23 Nov 2004 11:42:46 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 10:43:26 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <20041123092751.GO1139@xxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123092751.GO1139@xxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.8 (X11/20040926)
Pasi Kärkkäinen wrote:
Has anyone tried running grsec with xen (2.4) ?

Are there any expected problems, or should it be ok "out-of-the-box"? I have not yet tried patching xen-patched kernel with grsec.. Just wanted to
ask if somebody has already tried this.

I am fairly sure you will run into infinite page-fault loops if you are trying to use the PaX 'software NX' implementation, because the call to Xen to update the page tables will frequently exhaust the associativity of the data-TLB.

You could find a way of implementing this part inside Xen though, by using an AVL or reserved bit to signify 'no execute', but this may be too much hassle.

The rest of grsec looks (from the description on the website) like it can be applied without problems.


SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>