WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m

from [Stephen C. Tweedie] [Permanent Link][Original]
To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m
From: "Stephen C. Tweedie" <sct@xxxxxxxxxx>
Date: Wed, 16 Jan 2008 15:36:21 +0000
Cc: Stephen Tweedie <sct@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Woller, Thomas" <thomas.woller@xxxxxxx>
Delivery-date: Wed, 16 Jan 2008 07:41:57 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

On Tue, 2008-01-15 at 19:31 +0000, Keir Fraser wrote:
> If we add that printk() then it's on a path triggerable by an HVM guest (via
> the populate_physmap hypercall, for example) and there is a potential DoS
> attack. The need to modify the Xen command line to enable NPT on PAE
> hypervisor should really be caveat enough anyway.

Hardly, there's no reason at all for a user to assume that enabling NPT
in that situation will cause guest address spaces to be truncated.

Ideally we'd have a text message delivered back to the user on all
domain creations when this truncation happens.  A log message is
probably the minimum reasonable notification; truncating silently is a
pretty poor option.

There are plenty of solutions --- simply do the printk once per domain,
for example, or rate-limit it, or don't do it when the physmap is
populated but have a separate test at domain build time.  But truncating
silently seems to be one of the worst alternatives.

Cheers,
 Stephen



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] SUSE has sensible use of ifup nowadays, Ian Jackson
Next by Date:  Re: [Xen-devel] Test results on Unisys ES7000 64x 256gb using unstable c/s 16693 on 3.2.0 Release Candidate, Bill Burns
Previous by Thread:  Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m, Keir Fraser
Next by Thread:  Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m, Stephen C. Tweedie
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy