Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
On 07/04/2014 11:52 AM, Andrew Cooper wrote:
> On 04/07/14 11:30, Jan Beulich wrote:
>> On 04.07.14 at 11:40, <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 04/07/14 09:34, Dongxiao Xu wrote:
>>>> Add a generic resource access hypercall for tool stack or other
>>>> components, e.g., accessing MSR, port I/O, etc.
>>>>
>>>> Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
>>> This still permits a user of the hypercalls to play with EFER or
>>> SYSENTER_EIP, which obviously is a very bad thing. There needs to be a
>>> whitelist of permitted MSRs which can be accessed.
>> Hmm, I'm not sure. One particular purpose I see here is to allow the
>> tool stack (or Dom0) access to MSRs Xen may not know about (yet).
>> Furthermore, this being a platform op, only the hardware domain should
>> ever have access, and it certainly ought to know what it's doing. So
>> the sum of these two considerations is: If at all, we may want a black
>> list here.
>>
>> Jan
> I don't think it is safe for the toolstack to ever be playing with MSRs
> which Xen is completely unaware of. There is no guarantee whatsoever
> that a new MSR which Xen is unaware of doesn't have security
> implications if the toolstack were to play with it.

But the toolstack is part of the trusted base; it should be thinking
about the security implications as much as Xen should.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel