From: Dario Faggioli
Subject: Re: [PATCH v2] features: declare the Credit2 scheduler as Supported.
Date: Wed, 2 Nov 2016 12:22:40 +0100
Message-ID: <1478085760.24942.32.camel@citrix.com>
References: <147808213853.22655.18440819543503331735.stgit@Solace.fritz.box> <5819D525020000780011B8EA@prv-mh.provo.novell.com>
In-Reply-To: <5819D525020000780011B8EA@prv-mh.provo.novell.com>
To: Jan Beulich
Cc: Lars Kurth, Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper, Anshul Makkar, Ian Jackson, Tim Deegan, security@xenproject.org, xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

On Wed, 2016-11-02 at 04:59 -0600, Jan Beulich wrote:
> > > > On 02.11.16 at 11:22, wrote:
> > The control domain can issue DOMCTL_SCHEDOP and SYSCTL_SCHEDOP
> > hypercalls. Auditing such code, nothing that looks like a security
> > risk has been found (E.g., there's no risk of leaking content of
> > the hypervisor stack, as no buffer/local variables is returned).
>
> There certainly are buffers being returned here. Namely in the
> credit2 case there's also a 32-bit padding field in the domctl
> interface structure (and uniformly for all schedulers there's one
> in the sysctl structure), which provides the fundamental means
> to leak stack data. However, none of this is a problem, both
> because iirc leaking stack data to Dom0 is not really considered
> a security issue, and because of the way the structures get
> dealt with.
>
Right, what I meant is really "none of this is a problem [...] because
of the way the structures get dealt with". I.e., there is nothing like
what made e0e3b8f64730f3ee necessary.

> Nevertheless I think the above paragraph should be
> re-worded.
>
Yep, I certainly could have said it better. But if leaking to Dom0 is
not worth being considered, I guess I can just remove the paragraph
entirely, can't I?

Thanks and Regards,
Dario
-- 
<> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
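
Added example, not part of the message above and not Xen code: a padding field that no handler assigns can carry stale memory back to the caller, and how the struct is handled decides whether it does. The struct `sched_op`, the `slot` buffer, the 0xA5 fill and `returned_pad()` are hypothetical; reading "the way the structures get dealt with" as a copy-in/copy-out round trip is an assumption, since the thread does not spell it out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical interface structure (not Xen's) with an explicit 32-bit pad. */
struct sched_op {
    uint32_t cmd;
    uint32_t pad;      /* no handler ever assigns this field */
    uint64_t weight;
};

/* Stands in for a reused stack slot; 0xA5 models stale data left in it. */
static struct sched_op slot;

enum handling { FIELDWISE, ROUNDTRIP, ZERO_FIRST };

/* Runs one request and returns the pad value the caller gets back. */
uint32_t returned_pad(enum handling h, uint32_t caller_pad)
{
    struct sched_op caller = { .cmd = 1, .pad = caller_pad };

    memset(&slot, 0xA5, sizeof slot);            /* slot is dirty on entry */
    if (h == ROUNDTRIP)                          /* copy-in: caller's bytes */
        memcpy(&slot, &caller, sizeof slot);     /* overwrite every field   */
    if (h == ZERO_FIRST)                         /* reply built from zeroes */
        memset(&slot, 0, sizeof slot);

    slot.cmd = caller.cmd;                       /* only named fields set */
    slot.weight = 256;
    memcpy(&caller, &slot, sizeof slot);         /* whole struct copied out */
    return caller.pad;
}

int main(void)
{
    printf("fieldwise : %#x\n", (unsigned)returned_pad(FIELDWISE, 0x11223344));
    printf("roundtrip : %#x\n", (unsigned)returned_pad(ROUNDTRIP, 0x11223344));
    printf("zero-first: %#x\n", (unsigned)returned_pad(ZERO_FIRST, 0x11223344));
    return 0;
}
```

Only the field-by-field case hands back bytes the caller never supplied; in the round-trip case the pad that returns is the caller's own value.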