xen-devel

Re: [Xen-devel] Re: Xen reboots when trying to start new domain

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Re: Xen reboots when trying to start new domain
From: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Date: Thu, 09 Sep 2004 02:52:07 +0100
Cc: Kip Macy <kmacy@xxxxxxxxxxxxxxx>, Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, Ian.Pratt@xxxxxxxxxxxx
Delivery-date: Thu, 09 Sep 2004 03:06:50 +0100
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Thu, 09 Sep 2004 02:02:34 BST." <E1C5DKc-0005Fy-00@xxxxxxxxxxxxxxxxx>
Kip,

Out of interest, why have you needed to give FreeBSD its own
domain builder rather than use the 'generic ELF' one that Linux
and NetBSD share? (Plan9 has gone with its own builder as it uses
an a.out image format).
 
> Okay, I pushed some cleanups to BUILDDOMAIN. In particular we now
> check that the specified pagetable is in fact a valid pagetable :-D

It's not high on the todo list, but it would be nice to make the
domain builder completely untrusted, and hence be able to
delegate it just the privileges it needs for building a
particular domain. We're not too far away from that. Keir's
changes certainly make it harder for a domain builder to screw up
accidentally.

BTW: On the subject of safety, changelog watchers will have
noticed significant changes to Xen's 'writable pagetables'
implementation. We weren't intending to make changes like this so
late in the 2.0 release cycle, but it came to our attention that
the Opteron CPU's TLB has a PGD entry cache that isn't coherent
with memory[*]. This meant that it would have potentially been
possible for a malicious or compromised guest OS to contrive a
situation where it got to access pages that didn't belong to it.

We've now checked in an alternative implementation which should
be safe on both Intel and AMD.

Ian

[*] The x86 architecture is woefully underspecified in this
respect. Intel CPUs have a PGD entry cache, but current
implementations have a snooping mechanism that meant that our
previous scheme worked fine. 

