This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself

To: "Li, Xin" <xin.li@xxxxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
From: Keir Fraser <keir.xen@xxxxxxxxx>
Date: Wed, 01 Jun 2011 21:43:42 +0100
Delivery-date: Thu, 02 Jun 2011 03:28:34 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:user-agent:date:subject:from:to:message-id :thread-topic:thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; bh=XmoGSKKQrIlpgW36jvw/4URhAk4+74KzRO9pC5yrEeU=; b=gQC02s+2Ptdk9GKq7+4qeGIYV9dklFgsbtHqeHRnrHn0dXJ8XXFJqZYBSNzE+9qdOX XW4sv1U0/fcMT9vPh2pK6hRa6Q8RQbm6Yg8mh8M91FWxqXRgSNAwFovpKVOKOBgrWeiy J6gmZJ47E1Xi807PCW6QVQWSgojtVKQxKo96A=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=JeuryyTisoLKM2kPPPMGtZ2AZ6XD9Ry0U8fXKD5DYMTlUhWLcPLYXivUEPqJ9klAuY 0RvMVisL4VfSooW4z10Cg75SyrulCdcaSXYh2cBkHPKqSLGA75y4m73zSWvSVC3DWKoo XlfHUum8M1ZhUUBRn153UFifYmyT1ON+onN/U=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <FC2FB65B4D919844ADE4BE3C2BB739AD5AB18386@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwgVcdx+MEnPLpEQiCW7V8mG/kTcwAB1C2gAATM9UkAATxcMAAJ1pbS
Thread-topic: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
User-agent: Microsoft-Entourage/
On 01/06/2011 17:15, "Li, Xin" <xin.li@xxxxxxxxx> wrote:

>>> This patch enables SMEP in Xen to protect Xen hypervisor from executing pv
>>> guest code,
>> Well not really. In the case that *Xen* execution triggers SMEP, you should
>> crash.
> You don't expect Xen can trigger SMEP? somehow I agree, but in case there is
> any null pointer in Xen, an evil pv guest can easily get control of the
> system.

Of course. I don't disagree there can be bugs in Xen. :-)

>>> and kills a pv guest triggering SMEP fault.
>> Should only occur when the guest kernel triggers the SMEP.
> According to code base size, it's much easier for malicious applications to
> explore
> security holes in kernel.  But unluckily SMEP doesn't apply to the ring 3
> where
> x86_64 pv kernel runs on.  It's wiser to use HVM :)

Yep, but 32-bit guests can still benefit.

>> Basically you need to pull your check out of spurious_page_fault() and into
>> the two callers, because their responses should differ (one crashes the
>> guest, the other crashes the hypervisor).
>> Please define an enumeration for the return codes from spurious_pf, rather
>> than using magic numbers.
> Will do.


 - Keir

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>