
Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall



On 04/07/14 11:30, Jan Beulich wrote:
>>>> On 04.07.14 at 11:40, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 04/07/14 09:34, Dongxiao Xu wrote:
>>> Add a generic resource access hypercall for tool stack or other
>>> components, e.g., accessing MSR, port I/O, etc.
>>>
>>> Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
>> This still permits a user of the hypercalls to play with EFER or
>> SYSENTER_EIP, which obviously is a very bad thing.
>>
>> There needs to be a whitelist of permitted MSRs which can be accessed.
> Hmm, I'm not sure. One particular purpose I see here is to allow the
> tool stack (or Dom0) access to MSRs Xen may not know about (yet).
> Furthermore, this being a platform op, only the hardware domain
> should ever have access, and it certainly ought to know what it's
> doing. So the sum of these two considerations is: If at all, we may
> want a black list here.
>
> Jan
>

I don't think it is safe for the toolstack to ever be playing with MSRs
which Xen is completely unaware of.  There is no guarantee whatsoever
that a new MSR which Xen is unaware of doesn't have security
implications if the toolstack were to play with it.

Adding entries to a whitelist is easy and could be considered a
maintenance activity similar to keeping the model/stepping information
up-to-date.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
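
The two policies debated in this thread, side by side, as an added example that is not part of the original message or of Xen's code. The function names, the table contents, the per-entry read/write flags and the choice of the QoS monitoring MSRs as sample allowlist entries are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Architectural MSR indices (Intel SDM). */
#define MSR_IA32_SYSENTER_EIP 0x00000176u
#define MSR_IA32_QM_EVTSEL    0x00000c8du
#define MSR_IA32_QM_CTR       0x00000c8eu
#define MSR_EFER              0xc0000080u

#define ACC_READ  1u
#define ACC_WRITE 2u

struct msr_rule { uint32_t idx; unsigned int access; };

/* Hypothetical allowlist, sorted by index. Entries are illustrative only. */
static const struct msr_rule allowlist[] = {
    { MSR_IA32_QM_EVTSEL, ACC_READ | ACC_WRITE },
    { MSR_IA32_QM_CTR,    ACC_READ },
};

/* Hypothetical denylist holding only the MSRs named in the thread. */
static const uint32_t denylist[] = { MSR_IA32_SYSENTER_EIP, MSR_EFER };

/* Default deny: permitted only if listed with all requested access bits. */
bool allowlist_permits(uint32_t idx, unsigned int access)
{
    size_t lo = 0, hi = sizeof(allowlist) / sizeof(allowlist[0]);

    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;

        if (allowlist[mid].idx == idx)
            return (allowlist[mid].access & access) == access;
        if (allowlist[mid].idx < idx)
            lo = mid + 1;
        else
            hi = mid;
    }
    return false;
}

/* Default allow: permitted unless explicitly listed. */
bool denylist_permits(uint32_t idx)
{
    for (size_t i = 0; i < sizeof(denylist) / sizeof(denylist[0]); i++)
        if (denylist[i] == idx)
            return false;
    return true;
}
```

An index present in neither table, such as a constructed `0xabc`, is accepted by `denylist_permits()` and refused by `allowlist_permits()`, which is the gap the reply above is concerned with.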


 

