[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Dongxiao Xu <dongxiao.xu@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>
From: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
Date: Tue, 8 Jul 2014 09:57:44 +0100
Cc: keir@xxxxxxx, Ian.Campbell@xxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, dgdegra@xxxxxxxxxxxxx
Delivery-date: Tue, 08 Jul 2014 08:58:09 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/04/2014 11:52 AM, Andrew Cooper wrote:

On 04/07/14 11:30, Jan Beulich wrote:

On 04.07.14 at 11:40, <andrew.cooper3@xxxxxxxxxx> wrote:

On 04/07/14 09:34, Dongxiao Xu wrote:

Add a generic resource access hypercall for tool stack or other
components, e.g., accessing MSR, port I/O, etc.

Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>

This still permits a user of the hypercalls to play with EFER or
SYSENTER_EIP, which obviously is a very bad thing.

There needs to be a whitelist of permitted MSRs which can be accessed.

Hmm, I'm not sure. One particular purpose I see here is to allow the
tool stack (or Dom0) access to MSRs Xen may not know about (yet).
Furthermore, this being a platform op, only the hardware domain
should ever have access, and it certainly ought to know what it's
doing. So the sum of these two considerations is: If at all, we may
want a black list here.

Jan


I don't think it is safe for the toolstack to ever be playing with MSRs
which Xen is completely unaware of.  There is no guarentee whatsoever
that a new MSR which Xen is unaware of doesn't have security
implications if the toolstack were to play with it.

But the toolstack is part of the trusted base; it should be thinkingabout the security implications as much as Xen should.


 -George


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH v12 0/9] enable Cache QoS Monitoring (CQM) feature
  - From: Dongxiao Xu
- [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Dongxiao Xu
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [Patch v6 01/13] docs: libxc migration stream specification
Next by Date: Re: [Xen-devel] [Spice-devel] screen freezed for 2-3 minutes on spice connect on xen windows 7 domU's with qxl after save/restore
Previous by thread: Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
Next by thread: Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.