This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself

To: Keir Fraser <keir@xxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
From: "Li, Xin" <xin.li@xxxxxxxxx>
Date: Thu, 2 Jun 2011 00:15:14 +0800
In-reply-to: <CA0C18BD.2E126%keir@xxxxxxx>
References: <5D8008F58939784290FAB48F5497519844F6FB0DBA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <CA0C18BD.2E126%keir@xxxxxxx>
> > This patch enables SMEP in Xen to protect Xen hypervisor from executing pv
> > guest code,
> Well not really. In the case that *Xen* execution triggers SMEP, you should
> crash.

You don't expect Xen can trigger SMEP? Somehow I agree, but if there is any
null pointer in Xen, an evil PV guest can easily get control of the system.

> > and kills a pv guest triggering SMEP fault.
> Should only occur when the guest kernel triggers the SMEP.

Judging by code base size, it's much easier for malicious applications to
exploit security holes in the kernel. But unluckily SMEP doesn't apply to ring 3,
where the x86_64 PV kernel runs. It's wiser to use HVM :)

> Basically you need to pull your check out of spurious_page_fault() and into
> the two callers, because their responses should differ (one crashes the
> guest, the other crashes the hypervisor).
> Please define an enumeration for the return codes from spurious_pf, rather
> than using magic numbers.

Will do.

Xen-devel mailing list
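The two points argued above (SMEP cannot fire for a ring-3 PV kernel, and the spurious-fault check should hand a named classification back to two callers that respond differently) can be shown with a small model. This is an added illustration, not Xen's page-fault handler: `classify_pf`, `guest_pf`, `xen_pf`, the `pf_class`/`pf_action` enums and the `struct walk` stand-in for a page walk are hypothetical names, and the sample mappings are constructed. Only the #PF error-code bit meanings are taken from the x86 architecture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* #PF error code bits as pushed by the CPU. */
#define PFEC_PRESENT (1u << 0) /* 1: protection violation on a present mapping */
#define PFEC_WRITE   (1u << 1) /* 1: write access */
#define PFEC_USER    (1u << 2) /* 1: access made at CPL 3 */
#define PFEC_RSVD    (1u << 3) /* 1: reserved bit set in a paging entry */
#define PFEC_INSN    (1u << 4) /* 1: instruction fetch (NX or SMEP violation) */

/* Named outcomes of the spurious-fault check instead of magic numbers. */
enum pf_class {
    PF_GENUINE,  /* real fault: each caller decides whose fault it is */
    PF_SPURIOUS, /* page tables already permit the access (stale TLB): retry */
    PF_SMEP,     /* supervisor instruction fetch from a user-accessible page */
};

enum pf_action {
    ACT_RETRY,        /* resume the faulting instruction */
    ACT_INJECT_GUEST, /* deliver the #PF to the guest kernel */
    ACT_CRASH_GUEST,
    ACT_CRASH_XEN,
};

/* Effective permissions of the faulting address after a page walk
 * (hypothetical stand-in for a real walk). */
struct walk {
    bool present;
    bool writable;
    bool user; /* U/S set at every level: user-accessible */
    bool nx;   /* XD set at some level: not executable */
};

/* Constructed sample mappings used by main() below. */
static const struct walk user_exec_page   = { true,  true,  true,  false };
static const struct walk user_nx_page     = { true,  true,  true,  true  };
static const struct walk kernel_exec_page = { true,  true,  false, false };
static const struct walk absent_page      = { false, false, false, false };

/* Would the current page tables allow this access? Assumes CR0.WP=1, so a
 * supervisor write also needs the writable bit. */
static bool access_permitted(uint32_t pfec, struct walk w, bool cr4_smep)
{
    bool insn = pfec & PFEC_INSN, write = pfec & PFEC_WRITE, user = pfec & PFEC_USER;

    if (!w.present)                          return false;
    if (write && !w.writable)                return false;
    if (insn && w.nx)                        return false;
    if (user && !w.user)                     return false;
    if (!user && insn && w.user && cr4_smep) return false; /* the SMEP rule */
    return true;
}

static enum pf_class classify_pf(uint32_t pfec, struct walk w, bool cr4_smep)
{
    bool super_fetch = (pfec & PFEC_INSN) && !(pfec & PFEC_USER);

    if (pfec & PFEC_RSVD)            /* never spurious, never SMEP */
        return PF_GENUINE;
    if (access_permitted(pfec, w, cr4_smep))
        return PF_SPURIOUS;
    /* SMEP needs a CPL<3 fetch of a present, executable page marked user.
     * A fault with PFEC_USER set (ring 3, where the x86_64 PV kernel runs)
     * therefore can never be SMEP. */
    if (cr4_smep && super_fetch && (pfec & PFEC_PRESENT) && w.present && w.user && !w.nx)
        return PF_SMEP;
    return PF_GENUINE;
}

/* Caller 1: fault taken while a PV guest was running. */
static enum pf_action guest_pf(uint32_t pfec, struct walk w, bool cr4_smep)
{
    switch (classify_pf(pfec, w, cr4_smep)) {
    case PF_SPURIOUS: return ACT_RETRY;
    case PF_SMEP:     return ACT_CRASH_GUEST; /* guest kernel executed a user page */
    default:          return ACT_INJECT_GUEST;
    }
}

/* Caller 2: fault taken in the hypervisor's own code. (A real handler would
 * first consult its exception-fixup table for guest-memory accessors.) */
static enum pf_action xen_pf(uint32_t pfec, struct walk w, bool cr4_smep)
{
    switch (classify_pf(pfec, w, cr4_smep)) {
    case PF_SPURIOUS: return ACT_RETRY;
    default:          return ACT_CRASH_XEN; /* PF_SMEP here: Xen ran guest memory */
    }
}

int main(void)
{
    uint32_t super_fetch = PFEC_PRESENT | PFEC_INSN;
    uint32_t user_fetch  = PFEC_PRESENT | PFEC_INSN | PFEC_USER;

    printf("Xen fetches user page, SMEP on      : %d (3 = crash Xen)\n",
           xen_pf(super_fetch, user_exec_page, true));
    printf("CPL<3 guest kernel fetch, SMEP on   : %d (2 = crash guest)\n",
           guest_pf(super_fetch, user_exec_page, true));
    printf("Same fetch with SMEP off            : %d (0 = retry, spurious)\n",
           xen_pf(super_fetch, user_exec_page, false));
    printf("Ring-3 fetch of NX user page        : %d (1 = inject into guest)\n",
           guest_pf(user_fetch, user_nx_page, true));
    printf("Xen fetches its own page / absent pg: %d %d\n",
           xen_pf(super_fetch, kernel_exec_page, true), xen_pf(0, absent_page, true));
    return 0;
}
```

The classification is done once, and only the mapping from `pf_class` to an action lives in the callers, which is the split requested in the reply above: the same `PF_SMEP` result kills the guest from one path and panics the hypervisor from the other.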
