From: Keir Fraser <keir@xensource.com>
To: Trolle Selander <trolle.selander@gmail.com>,
Keir Fraser <keir@xensource.com>
Cc: Mats.Petersson@amd.com, xen-devel@lists.xensource.com,
thomas.woller@amd.com
Subject: Re: [PATCH] [HVM] Patches to make HVM capable of running OS/2.
Date: Fri, 16 Mar 2007 19:07:58 +0000 [thread overview]
Message-ID: <C2209B8E.BB1F%keir@xensource.com> (raw)
In-Reply-To: <515922b50703161122v4fd3df38v3b92dfd426f5db29@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1849 bytes --]
Possibly, but I think that allocating, registering and tracking the pages if
they were owned by dom0 would be harder. I don;t have a clear idea how we¹d
do it without changes to the dom0 kernel.
Meanwhile, domUs have plenty of other shared-memory protocols with dom0
kernel and root processes. It just needs some care to make sure the
interface is sufficiently narrow and arguments are well checked. Burning
100% CPU is not considered a successful attack (although it would of course
be annoying!). You can detect it and fix it up without rebooting the system,
for example.
Anyway, I didn¹t take your e801 patch, but checked in my own fix as
changeset 14415. It should hit the main public tree in a few hours, or you
can see it in the staging tree sooner
(http://xenbits.xensource.com/staging/xen-unstable.hg).
All your other patches are in except the smsw one. I¹m looking at that now.
-- Keir
On 16/3/07 18:22, "Trolle Selander" <trolle.selander@gmail.com> wrote:
> Keeping them out of the guest's way is good enough for my current practical
> concerns, and this was the path my patch took, after all.
> For the record, though, I do think that the most correct thing would be to
> have the iopage & buffered_iopages owned by dom0, since they don't "belong" to
> the domU anymore than any other data structure used by the qemu-dm process.
> In fact, one could argue that domU access to these pages could be a
> theoretical way for a compromised domU to attack a process running as root in
> dom0. From what I've seen, the worst that can practically be done at the
> moment is making qemu-dm lock up while eating 100% cpu (by setting the
> buffered_iopage->read_pointer > buffered_iopage->read_pointer) but more evil
> minds than mine might be able to figure out a way to exploit this in a worse
> way.
[-- Attachment #1.2: Type: text/html, Size: 2423 bytes --]
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next prev parent reply other threads:[~2007-03-16 19:07 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-16 12:07 [PATCH] [HVM] Patches to make HVM capable of running OS/2 Trolle Selander
2007-03-16 12:21 ` Keir Fraser
2007-03-16 12:45 ` Trolle Selander
2007-03-16 14:10 ` Keir Fraser
2007-03-16 18:22 ` Trolle Selander
2007-03-16 19:07 ` Keir Fraser [this message]
2007-03-16 20:11 ` Trolle Selander
2007-03-16 20:28 ` Keir Fraser
-- strict thread matches above, loose matches on Subject: below --
2007-03-21 9:12 ecs user
2007-03-21 12:47 ` Trolle Selander
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C2209B8E.BB1F%keir@xensource.com \
--to=keir@xensource.com \
--cc=Mats.Petersson@amd.com \
--cc=thomas.woller@amd.com \
--cc=trolle.selander@gmail.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.