[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
On 04/07/14 11:30, Jan Beulich wrote: >>>> On 04.07.14 at 11:40, <andrew.cooper3@xxxxxxxxxx> wrote: >> On 04/07/14 09:34, Dongxiao Xu wrote: >>> Add a generic resource access hypercall for tool stack or other >>> components, e.g., accessing MSR, port I/O, etc. >>> >>> Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx> >> This still permits a user of the hypercalls to play with EFER or >> SYSENTER_EIP, which obviously is a very bad thing. >> >> There needs to be a whitelist of permitted MSRs which can be accessed. > Hmm, I'm not sure. One particular purpose I see here is to allow the > tool stack (or Dom0) access to MSRs Xen may not know about (yet). > Furthermore, this being a platform op, only the hardware domain > should ever have access, and it certainly ought to know what it's > doing. So the sum of these two considerations is: If at all, we may > want a black list here. > > Jan > I don't think it is safe for the toolstack to ever be playing with MSRs which Xen is completely unaware of. There is no guarentee whatsoever that a new MSR which Xen is unaware of doesn't have security implications if the toolstack were to play with it. Adding entries to a whitelist is easy and could be considered a maintenance activity similar to keeping the model/stepping information up-to-date. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |