From: Zachary Amsden <zach@vmware.com>
To: Andi Kleen <ak@muc.de>
Cc: virtualization@lists.osdl.org, Adrian Bunk <bunk@stusta.de>,
Andrew Morton <akpm@osdl.org>, Chris Wright <chrisw@sous-sol.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Arjan van de Ven <arjan@infradead.org>
Subject: Re: [PATCH] paravirt.h
Date: Tue, 22 Aug 2006 10:36:35 -0700 [thread overview]
Message-ID: <44EB40A3.50700@vmware.com> (raw)
In-Reply-To: <200608221654.10558.ak@muc.de>
Andi Kleen wrote:
> On Tuesday 22 August 2006 16:25, Adrian Bunk wrote:
>
>> On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote:
>>
>>>> this would need a "const after boot" section; which is really not hard
>>>> to make and probably useful for a lot more things.... todo++
>>>>
>>> except for anything that needs tlb entries in user space. And it only gives you
>>> false sense of security. --todo
>>>
>> What's the alternative?
>>
>
> The alternative is to not protect it, since protecting it doesn't
> offer any significant additional security over not protecting it.
>
Didn't someone point out yet that if you are vulnerable to someone
loading a kernel module of their choosing, you lose, plain and simple?
You don't need paravirt-ops to implement a rootkit, and it doesn't make
it any easier, and write protecting it is totally useless. How do you
think VMware runs on Linux? It takes over the hardware entirely, loads
a hypervisor, and starts running in a completely different world. And
it doesn't even need to use a single _GPL'd export to do that.
Write protection is great as a debug option to find accidental memory
corruptions. It is useless as a technique to prevent subversion. Um
hello, you're already at CPL-0. Just rewrite the page tables already.
>> Change it from a struct to a compile time choice?
>>
>
> One of the design goals of paravirt-ops was to allow single binaries
> that run on both native hardware and on hypervisors. So that would
> be a non starter.
Strongly agree.
Zach
next prev parent reply other threads:[~2006-08-22 17:36 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-10 9:35 [PATCH] paravirt.h Rusty Russell
2006-08-10 10:10 ` Rusty Russell
2006-08-10 10:30 ` Andi Kleen
2006-08-10 11:05 ` Rusty Russell
2006-08-10 11:31 ` Andi Kleen
2006-08-10 11:31 ` Andi Kleen
2006-08-10 13:03 ` Zachary Amsden
2006-08-10 15:14 ` Jeremy Fitzhardinge
[not found] ` <44DB54A5.50006@vmware.com>
[not found] ` <44DB6144.2080308@goop.org>
[not found] ` <1155262867.27719.2.camel@localhost.localdomain>
2006-08-11 2:34 ` Jeremy Fitzhardinge
2006-08-10 18:06 ` Jeremy Fitzhardinge
2006-08-19 1:21 ` Adrian Bunk
2006-08-19 2:46 ` Jeremy Fitzhardinge
2006-08-19 2:46 ` Jeremy Fitzhardinge
2006-08-20 8:50 ` Geert Uytterhoeven
2006-08-22 12:56 ` Jeremy Fitzhardinge
2006-08-22 14:08 ` Adrian Bunk
2006-08-22 14:08 ` Adrian Bunk
2006-08-22 13:56 ` Alan Cox
2006-08-22 13:56 ` Alan Cox
2006-08-22 13:44 ` Andi Kleen
2006-08-22 17:16 ` Zachary Amsden
2006-08-22 18:29 ` Arjan van de Ven
2006-08-22 19:30 ` Alan Cox
2006-08-22 19:17 ` Zachary Amsden
2006-08-22 19:26 ` Zachary Amsden
2006-08-22 19:29 ` Arjan van de Ven
2006-08-22 19:43 ` Zachary Amsden
2006-08-22 19:43 ` Zachary Amsden
2006-08-22 20:16 ` Andi Kleen
2006-08-22 22:02 ` Zachary Amsden
2006-08-23 1:55 ` Rusty Russell
2006-08-23 1:55 ` Rusty Russell
2006-08-23 2:12 ` Zachary Amsden
2006-08-23 7:56 ` Arjan van de Ven
2006-08-23 8:44 ` Zachary Amsden
2006-08-23 8:50 ` Andi Kleen
2006-08-23 9:01 ` Zachary Amsden
2006-08-23 9:06 ` Andi Kleen
2006-08-23 9:14 ` Zachary Amsden
2006-08-23 9:20 ` Andi Kleen
2006-08-23 9:36 ` Zachary Amsden
2006-08-23 9:41 ` Andi Kleen
2006-08-23 9:48 ` Zachary Amsden
2006-08-23 9:50 ` Andi Kleen
2006-08-23 10:03 ` Zachary Amsden
2006-08-23 10:03 ` Zachary Amsden
2006-08-23 11:24 ` Andi Kleen
2006-08-23 8:56 ` Arjan van de Ven
2006-08-23 8:18 ` Andi Kleen
2006-08-23 8:18 ` Andi Kleen
2006-08-23 8:38 ` Zachary Amsden
2006-08-22 21:36 ` Alan Cox
2006-08-22 13:45 ` Arjan van de Ven
2006-08-22 13:50 ` Andi Kleen
2006-08-22 14:25 ` Adrian Bunk
2006-08-22 14:25 ` Adrian Bunk
2006-08-22 14:54 ` Andi Kleen
2006-08-22 17:36 ` Zachary Amsden [this message]
2006-08-22 18:35 ` Alan Cox
2006-08-22 18:35 ` Alan Cox
2006-08-22 14:59 ` Jeremy Fitzhardinge
2006-08-22 15:12 ` Arjan van de Ven
2006-08-22 15:12 ` Arjan van de Ven
2006-08-22 15:58 ` Alan Cox
2006-08-22 15:58 ` Alan Cox
2006-08-23 1:35 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44EB40A3.50700@vmware.com \
--to=zach@vmware.com \
--cc=ak@muc.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=bunk@stusta.de \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=virtualization@lists.osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.