From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>,
Xiantao Zhang <xiantao.zhang@intel.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH 2/6] xen/iommu: Move dom0 setup code out of __init
Date: Wed, 05 Mar 2014 17:25:11 -0500 [thread overview]
Message-ID: <5317A447.8050907@tycho.nsa.gov> (raw)
In-Reply-To: <531702D802000078001211D4@nat28.tlf.novell.com>
On 03/05/2014 04:56 AM, Jan Beulich wrote:
>>>> On 04.03.14 at 23:51, Daniel De Graaf <dgdegra@tycho.nsa.gov> wrote:
>> This is required to allow the hardware domain to be built by dom0 after
>> the __init sections have been discarded.
>
> Can you quantify the amount of code/data getting moved?
It looks like about one page of code and very little data (fits in slack space):
objdump -x old-xen-syms:
Idx Name Size VMA LMA File off Algn
0 .text 00138312 ffff82d080100000 ffff82d080100000 00001000 2**12
CONTENTS, ALLOC, LOAD, CODE
1 .rodata 0004a830 ffff82d080238320 ffff82d080238320 00139320 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .data.read_mostly 0000b1d8 ffff82d080282b80 ffff82d080282b80 00183b80 2**7
CONTENTS, ALLOC, LOAD, DATA
3 .data 0000e828 ffff82d08028e000 ffff82d08028e000 0018f000 2**12
CONTENTS, ALLOC, LOAD, DATA
4 .init.text 0002e96b ffff82d08029d000 ffff82d08029d000 0019e000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .init.data 0000f638 ffff82d0802cb980 ffff82d0802cb980 001cc980 2**5
CONTENTS, ALLOC, LOAD, DATA
6 .init.setup 000010c0 ffff82d0802dafc0 ffff82d0802dafc0 001dbfc0 2**5
CONTENTS, ALLOC, LOAD, DATA
7 .initcall.init 00000210 ffff82d0802dc080 ffff82d0802dc080 001dd080 2**3
CONTENTS, ALLOC, LOAD, DATA
8 .xsm_initcall.init 00000008 ffff82d0802dc290 ffff82d0802dc290 001dd290 2**3
CONTENTS, ALLOC, LOAD, DATA
9 .bss 0004c900 ffff82d0802e0000 ffff82d0802e0000 001dd298 2**7
ALLOC
objdump -x new-xen-syms:
0 .text 00139312 ffff82d080100000 ffff82d080100000 00001000 2**12
CONTENTS, ALLOC, LOAD, CODE
1 .rodata 0004a830 ffff82d080239320 ffff82d080239320 0013a320 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .data.read_mostly 0000b1d8 ffff82d080283b80 ffff82d080283b80 00184b80 2**7
CONTENTS, ALLOC, LOAD, DATA
3 .data 0000e828 ffff82d08028f000 ffff82d08028f000 00190000 2**12
CONTENTS, ALLOC, LOAD, DATA
4 .init.text 0002dfcb ffff82d08029e000 ffff82d08029e000 0019f000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .init.data 0000f5f8 ffff82d0802cbfe0 ffff82d0802cbfe0 001ccfe0 2**5
CONTENTS, ALLOC, LOAD, DATA
6 .init.setup 000010c0 ffff82d0802db5e0 ffff82d0802db5e0 001dc5e0 2**5
CONTENTS, ALLOC, LOAD, DATA
7 .initcall.init 00000210 ffff82d0802dc6a0 ffff82d0802dc6a0 001dd6a0 2**3
CONTENTS, ALLOC, LOAD, DATA
8 .xsm_initcall.init 00000008 ffff82d0802dc8b0 ffff82d0802dc8b0 001dd8b0 2**3
CONTENTS, ALLOC, LOAD, DATA
9 .bss 0004c980 ffff82d0802e0000 ffff82d0802e0000 001dd8b8 2**7
ALLOC
> Overall I wonder what the purpose is of allowing the hardware
> domain to be created later, rather than keeping Dom0 for this
> purpose. After all booting the system is very much hardware
> control. Once a control domain was spawned, Dom0 could then
> be revoked the right to create further domains.
One reason is to maintain a small trusted computing base for critical
components of the platform, such as the control domains and the vTPM
infrastructure. We would prefer to avoid as much parsing of unmeasured
(and therefore untrusted) data as possible in the early boot process
because any vulnerability in these parsers becomes an attack vector for
components depending on them.
When using TXT/TBOOT as the basis for trust, the Xen hypervisor and
domain 0 are measured and may be considered more trusted than the state
of hardware and any structures supplied by the BIOS that could be
modified by a bootloader or other unmeasured "gap code". When a domain
0 running Linux boots, it parses the ACPI tables and enumerates hardware
based on them prior to executing any user-space code. Exploits using
malicious ACPI tables can be used for privilege escalation (see
CVE-2010-4347 for an example), so if the domain building process were
run from the initrd, all domains on the system would be vulnerable to an
attack using this. ACPI is not the only attack vector here; malicious
hardware is very difficult to defend the hardware domain from once the
IOMMU begins allowing DMA access to the domain's memory.
A possible alternative that does not involve hypervisor modification
would be to have the domain builder use kexec() after building domains
and de-privileging itself. This requires a more complex domain builder,
and makes a number of security assertions more difficult to evaluate
from the security policy. With a separate domain builder and hardware
domain, certain ranges of memory (such as the TPM MMIO pages) can be
restricted from ever being accessible to the hardware domain in the
security policy. Using separate domains also avoids the possibility
that the domain builder neglects to clean up a mapping to a just-created
domain prior to kexec which could be used to later change that domain's
behavior; while a given version of the domain builder may not have such
bugs, new features (such as the ability to change the Xenstore start
info page after event channels are added) can introduce bugs that
silently violate the stated security policy.
>> --- a/xen/drivers/passthrough/vtd/x86/vtd.c
>> +++ b/xen/drivers/passthrough/vtd/x86/vtd.c
>> @@ -36,7 +36,7 @@
>> * iommu_inclusive_mapping: when set, all memory below 4GB is included in dom0
>> * 1:1 iommu mappings except xen and unusable regions.
>> */
>> -static bool_t __initdata iommu_inclusive_mapping = 1;
>> +static bool_t iommu_inclusive_mapping = 1;
>
> __read_mostly?
Yes. I used __read_mostly in the size tests above, and will in v2.
> Jan
--
Daniel De Graaf
National Security Agency
next prev parent reply other threads:[~2014-03-05 22:25 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-04 22:51 [PATCH 0/6] xen: Hardware domain support Daniel De Graaf
2014-03-04 22:51 ` [PATCH 1/6] xen: use domid check in is_hardware_domain Daniel De Graaf
2014-03-05 3:44 ` Julien Grall
2014-03-05 9:23 ` Jan Beulich
2014-03-05 15:25 ` Daniel De Graaf
2014-03-05 15:45 ` Jan Beulich
2014-03-05 21:23 ` Daniel De Graaf
2014-03-11 13:10 ` Ian Campbell
2014-03-04 22:51 ` [PATCH 2/6] xen/iommu: Move dom0 setup code out of __init Daniel De Graaf
2014-03-05 9:56 ` Jan Beulich
2014-03-05 22:25 ` Daniel De Graaf [this message]
2014-03-06 9:53 ` Jan Beulich
2014-03-04 22:51 ` [PATCH 3/6] xen: prevent 0 from being used as a dynamic domid Daniel De Graaf
2014-03-04 22:51 ` [PATCH 4/6] xen: Allow hardare domain != dom0 Daniel De Graaf
2014-03-05 3:50 ` Julien Grall
2014-03-05 23:04 ` Daniel De Graaf
2014-03-05 10:04 ` Jan Beulich
2014-03-05 23:04 ` Daniel De Graaf
2014-03-06 9:54 ` Jan Beulich
2014-03-04 22:51 ` [PATCH 5/6] tools/libxl: Allow dom0 to be destroyed Daniel De Graaf
2014-03-05 10:07 ` Jan Beulich
2014-03-05 12:02 ` Ian Jackson
2014-03-05 22:36 ` Daniel De Graaf
2014-03-10 16:45 ` Ian Jackson
2014-03-12 14:27 ` Daniel De Graaf
2014-03-13 17:17 ` Ian Jackson
2014-03-13 17:41 ` Daniel De Graaf
2014-03-14 14:32 ` Ian Jackson
2014-03-04 22:51 ` [PATCH 6/6] xenstored: add --master-domid to support domain builder Daniel De Graaf
2014-03-10 12:14 ` Ian Jackson
2014-03-04 23:32 ` Domain Builder Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5317A447.8050907@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=JBeulich@suse.com \
--cc=keir@xen.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=xen-devel@lists.xen.org \
--cc=xiantao.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).