WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-devel

Re: [Xen-devel] [PATCH] add canonical address checks to HVM

To: "Keir Fraser" <keir@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] add canonical address checks to HVM
From: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Date: Fri, 01 Dec 2006 08:20:12 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 01 Dec 2006 00:18:37 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C1959326.5213%keir@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <456FF03E.76E4.0078.0@xxxxxxxxxx> <C1959326.5213%keir@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>>> Keir Fraser <keir@xxxxxxxxxxxxx> 01.12.06 09:07 >>>
>On 1/12/06 8:05 am, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>
>> I think it might be a security issue:
>> - In MSR writes, are you certain there's not going to be any problem now or
>> in the future when the state gets actually loaded into CPU registers?
>> - In memory accesses, at least until no failures to read/write guest memory
>> are being ignored anymore.
>
>We should be defensive about guest reads/writes/MSR-accesses anyway. I.e.,
>we should at least accept faults on those accesses, and make sure the worst
>that happens is a domain crash.

That I take for granted. But it's far from optimal. I don't know about modern
Windows (it has been too long since I last looked at their handling of this),
but at least Linux takes precautions when doing potentially dangerous
accesses in so many places that it would seem unreasonable to crash a
domain when it could be passed a simple fault at the right point, and let it
decide for itself whether it wants to die.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
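The check the thread discusses, as an added illustration rather than Xen's own code: a 48-bit canonical-address test applied to emulated WRMSR, where a non-canonical value is reflected to the guest as #GP(0) (the behaviour of real hardware) instead of being stored or crashing the domain. The MSR numbers are architectural; `struct hvm_msr_state`, `hvm_emulate_wrmsr` and the result enum are hypothetical names for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Architectural x86-64 MSR numbers. */
#define MSR_LSTAR          0xC0000082
#define MSR_CSTAR          0xC0000083
#define MSR_FS_BASE        0xC0000100
#define MSR_GS_BASE        0xC0000101
#define MSR_SHADOW_GS_BASE 0xC0000102

/* Hypothetical per-vCPU MSR state for this example; not Xen's structure. */
struct hvm_msr_state {
    uint64_t lstar, cstar, fs_base, gs_base, shadow_gs_base;
};

enum wrmsr_result { WRMSR_OK, WRMSR_INJECT_GP };

/* 48-bit VA: canonical when bits 63:47 are all equal (sign-extends from bit 47). */
static bool is_canonical_address(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* These MSRs hold linear addresses; hardware raises #GP(0) on non-canonical writes. */
static bool msr_holds_linear_address(uint32_t msr)
{
    switch (msr) {
    case MSR_LSTAR: case MSR_CSTAR:
    case MSR_FS_BASE: case MSR_GS_BASE: case MSR_SHADOW_GS_BASE:
        return true;
    default:
        return false;
    }
}

/* Emulated WRMSR: reject before the value reaches saved state; reflect #GP to the guest. */
enum wrmsr_result hvm_emulate_wrmsr(struct hvm_msr_state *s, uint32_t msr, uint64_t val)
{
    if (msr_holds_linear_address(msr) && !is_canonical_address(val))
        return WRMSR_INJECT_GP;
    switch (msr) {
    case MSR_LSTAR:          s->lstar = val; break;
    case MSR_CSTAR:          s->cstar = val; break;
    case MSR_FS_BASE:        s->fs_base = val; break;
    case MSR_GS_BASE:        s->gs_base = val; break;
    case MSR_SHADOW_GS_BASE: s->shadow_gs_base = val; break;
    default: return WRMSR_INJECT_GP; /* unknown MSR: hardware also raises #GP */
    }
    return WRMSR_OK;
}
```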