This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] [PATCH] Unified shutdown code

To: "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [PATCH] Unified shutdown code
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Tue, 11 Sep 2007 18:48:49 -0700
Cc: "Wang, Shane" <shane.wang@xxxxxxxxx>, "Wei, Gang" <gang.wei@xxxxxxxxx>
Delivery-date: Tue, 11 Sep 2007 18:49:29 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C30BF183.D648%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <D936D925018D154694D8A362EEB08920025E5745@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <C30BF183.D648%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcfxsZEip0g/k3RSRdWVCnLdnRf+DgCHIfGIAAaqfEAAFKnpuQAo4CuQ
Thread-topic: [Xen-devel] [PATCH] Unified shutdown code
Keir Fraser <mailto:Keir.Fraser@xxxxxxxxxxxx> scribbled on Monday,
September 10, 2007 11:17 PM:
> On 10/9/07 22:22, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:
>> But the purpose of centralizing it was so that the hook into sboot's
>> shutdown wouldn't need to be in multiple place.  And the reason to
>> hook into sboot's shutdown (which also supports the halt action)
>> even though the system is being halt'ed is so that we don't leave
>> some path that allows the system to be subverted or misused while
>> still having privileged access to the TPM, etc.
> Why is Xen running a halt loop on every CPU any more exploitable than
> Xen running normal Xen code on every CPU? If every CPU is spinning on
> with interrupts disabled then the only signals that will change state
> things like NMI, INIT, reset?

I agree that with:  interrupts disabled, a halt loop, VT-d protections
still in place, the IDT in place, and TXT blocking INIT--that I cannot
think of any way to exploit the halt loop.  And I believe that all of
these conditions are true for all cases where Xen uses halt loops.  So
I'm OK with leaving the halt routines as-is.

>  -- Keir
>> That said, I'm not aware of any exploitable
>> conditions/paths/environment when Xen is placed in a halt loop (at
>> least none that JTAG users wouldn't already have without waiting for
>> the system to halt), so I suppose that this extra bit of caution is
>> not really necessary.  But if the EARLY_FAIL behavior gets changed
>> back to halt, is there any harm? 

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>