WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselve

from [Vincent Hanquez] [Permanent Link][Original]
To: Keir Fraser <keir@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
From: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2011 11:50:47 +0100
Cc: Olaf Hering <olaf@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 09 Aug 2011 03:44:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CA66C71E.300C3%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <CA66C71E.300C3%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110626 Icedove/3.1.11 
On 08/09/2011 11:14 AM, Keir Fraser wrote:

On 09/08/2011 11:08, "Vincent Hanquez"<vincent.hanquez@xxxxxxxxxxxxx>
wrote:


xenstored: allow guests to reintroduce themselves

During kexec all old watches have to be removed, otherwise the new
kernel will receive unexpected events. Allow a guest to introduce itself
and cleanup all of its watches.


What about security wise ?

Guest userspace suddenly becomes able to do this operation (and DoS themself)
where they used to be limited to normal read/write/.. operations.


Guest userspace can already DoS the guest if it has access to xenstore, by
messing with xenbus I/O connections, for example.


How so ?
It seems we validate userspace packets (at least on linux) before actually 
putting them on the ring.

--
Vincent

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH 2 of 3] Enable UEFI BIOS(OVMF) support in Xen-unstable HVM, Keir Fraser
Next by Date:  Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves, Olaf Hering
Previous by Thread:  Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves, Keir Fraser
Next by Thread:  Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy