WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m

from [Stephen C. Tweedie] [Permanent Link][Original]
To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m
From: "Stephen C. Tweedie" <sct@xxxxxxxxxx>
Date: Wed, 16 Jan 2008 16:52:45 +0000
Cc: Stephen Tweedie <sct@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Woller, Thomas" <thomas.woller@xxxxxxx>
Delivery-date: Wed, 16 Jan 2008 08:58:18 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903
References: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

On Tue, 2008-01-15 at 19:31 +0000, Keir Fraser wrote:
> If we add that printk() then it's on a path triggerable by an HVM guest (via
> the populate_physmap hypercall, for example) and there is a potential DoS
> attack. The need to modify the Xen command line to enable NPT on PAE
> hypervisor should really be caveat enough anyway.

Hardly, there's no reason at all for a user to assume that enabling NPT
in that situation will cause guest address spaces to be truncated.

Ideally we'd have a text message delivered back to the user on all
domain creations when this truncation happens.  A log message is
probably the minimum reasonable notification; truncating silently is a
pretty poor option.

There are plenty of solutions --- simply do the printk once per domain,
for example, or rate-limit it, or don't do it when the physmap is
populated but have a separate test at domain build time.  But truncating
silently seems to be one of the worst alternatives.

Cheers,
 Stephen



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] linux: {start, stop}_hz_timer() not really affecting periodic timer?, Keir Fraser
Next by Date:  [Xen-devel] [PATCH] disable lomount and miniterm by default, Ian Jackson
Previous by Thread:  Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m, Stephen C. Tweedie
Next by Thread:  [Xen-devel] about netchannel2, tgh
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy