From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>,
Dongxiao Xu <dongxiao.xu@intel.com>,
xen-devel@lists.xen.org
Cc: keir@xen.org, Ian.Campbell@citrix.com,
George.Dunlap@eu.citrix.com, stefano.stabellini@eu.citrix.com,
Ian.Jackson@eu.citrix.com, dgdegra@tycho.nsa.gov
Subject: Re: [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
Date: Fri, 4 Jul 2014 11:52:36 +0100 [thread overview]
Message-ID: <53B68774.4060603@citrix.com> (raw)
In-Reply-To: <53B69E490200007800020A70@mail.emea.novell.com>
On 04/07/14 11:30, Jan Beulich wrote:
>>>> On 04.07.14 at 11:40, <andrew.cooper3@citrix.com> wrote:
>> On 04/07/14 09:34, Dongxiao Xu wrote:
>>> Add a generic resource access hypercall for tool stack or other
>>> components, e.g., accessing MSR, port I/O, etc.
>>>
>>> Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
>> This still permits a user of the hypercalls to play with EFER or
>> SYSENTER_EIP, which obviously is a very bad thing.
>>
>> There needs to be a whitelist of permitted MSRs which can be accessed.
> Hmm, I'm not sure. One particular purpose I see here is to allow the
> tool stack (or Dom0) access to MSRs Xen may not know about (yet).
> Furthermore, this being a platform op, only the hardware domain
> should ever have access, and it certainly ought to know what it's
> doing. So the sum of these two considerations is: If at all, we may
> want a black list here.
>
> Jan
>
I don't think it is safe for the toolstack to ever be playing with MSRs
which Xen is completely unaware of. There is no guarentee whatsoever
that a new MSR which Xen is unaware of doesn't have security
implications if the toolstack were to play with it.
Adding entries to a whitelist is easy and could be considered a
maintenance activity similar to keeping the model/stepping information
up-to-date.
~Andrew
next prev parent reply other threads:[~2014-07-04 10:52 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-04 8:34 [PATCH v12 0/9] enable Cache QoS Monitoring (CQM) feature Dongxiao Xu
2014-07-04 8:34 ` [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall Dongxiao Xu
2014-07-04 9:40 ` Andrew Cooper
2014-07-04 10:30 ` Jan Beulich
2014-07-04 10:52 ` Andrew Cooper [this message]
2014-07-08 7:06 ` Xu, Dongxiao
2014-07-08 9:07 ` Andrew Cooper
2014-07-08 9:30 ` Jürgen Groß
2014-07-09 2:06 ` Xu, Dongxiao
2014-07-09 14:17 ` Daniel De Graaf
2014-07-08 8:57 ` George Dunlap
2014-07-08 9:20 ` Andrew Cooper
2014-07-04 10:44 ` Jan Beulich
2014-07-11 4:29 ` Xu, Dongxiao
2014-07-11 9:24 ` Andrew Cooper
2014-07-04 8:34 ` [PATCH v12 2/9] xsm: add resource operation related xsm policy Dongxiao Xu
2014-07-08 21:22 ` Daniel De Graaf
2014-07-09 5:28 ` Xu, Dongxiao
2014-07-09 14:17 ` Daniel De Graaf
2014-07-04 8:34 ` [PATCH v12 3/9] tools: provide interface for generic MSR access Dongxiao Xu
2014-07-04 11:42 ` Jan Beulich
2014-07-09 16:58 ` Ian Campbell
2014-07-23 7:48 ` Jan Beulich
2014-07-24 6:31 ` Xu, Dongxiao
2014-07-24 6:56 ` Jan Beulich
2014-07-24 6:36 ` Xu, Dongxiao
2014-07-09 17:01 ` Ian Campbell
2014-07-04 8:34 ` [PATCH v12 4/9] x86: detect and initialize Platform QoS Monitoring feature Dongxiao Xu
2014-07-04 11:56 ` Jan Beulich
2014-07-15 6:18 ` Xu, Dongxiao
2014-07-04 8:34 ` [PATCH v12 5/9] x86: dynamically attach/detach QoS monitoring service for a guest Dongxiao Xu
2014-07-04 12:06 ` Jan Beulich
2014-07-15 5:31 ` Xu, Dongxiao
2014-07-23 7:53 ` Jan Beulich
2014-07-04 8:34 ` [PATCH v12 6/9] x86: collect global QoS monitoring information Dongxiao Xu
2014-07-04 12:14 ` Jan Beulich
2014-08-01 8:26 ` Xu, Dongxiao
2014-08-01 9:19 ` Jan Beulich
2014-07-04 8:34 ` [PATCH v12 7/9] x86: enable QoS monitoring for each domain RMID Dongxiao Xu
2014-07-04 12:15 ` Jan Beulich
2014-07-04 8:34 ` [PATCH v12 8/9] xsm: add platform QoS related xsm policies Dongxiao Xu
2014-07-08 21:22 ` Daniel De Graaf
2014-07-04 8:34 ` [PATCH v12 9/9] tools: CMDs and APIs for Platform QoS Monitoring Dongxiao Xu
2014-07-10 15:50 ` Ian Campbell
2014-07-04 10:26 ` [PATCH v12 0/9] enable Cache QoS Monitoring (CQM) feature Jan Beulich
-- strict thread matches above, loose matches on Subject: below --
2014-07-15 2:23 [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall Xu, Dongxiao
2014-07-15 10:00 ` Andrew Cooper
2014-07-23 7:45 ` Jan Beulich
2014-07-23 9:09 ` Andrew Cooper
2014-07-28 10:01 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53B68774.4060603@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=dongxiao.xu@intel.com \
--cc=keir@xen.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).