[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 1/9] x86: add generic resource (e.g. MSR) access hypercall



On 07/04/2014 11:52 AM, Andrew Cooper wrote:
On 04/07/14 11:30, Jan Beulich wrote:
On 04.07.14 at 11:40, <andrew.cooper3@xxxxxxxxxx> wrote:
On 04/07/14 09:34, Dongxiao Xu wrote:
Add a generic resource access hypercall for tool stack or other
components, e.g., accessing MSR, port I/O, etc.

Signed-off-by: Dongxiao Xu <dongxiao.xu@xxxxxxxxx>
This still permits a user of the hypercalls to play with EFER or
SYSENTER_EIP, which obviously is a very bad thing.

There needs to be a whitelist of permitted MSRs which can be accessed.
Hmm, I'm not sure. One particular purpose I see here is to allow the
tool stack (or Dom0) access to MSRs Xen may not know about (yet).
Furthermore, this being a platform op, only the hardware domain
should ever have access, and it certainly ought to know what it's
doing. So the sum of these two considerations is: If at all, we may
want a black list here.

Jan


I don't think it is safe for the toolstack to ever be playing with MSRs
which Xen is completely unaware of.  There is no guarentee whatsoever
that a new MSR which Xen is unaware of doesn't have security
implications if the toolstack were to play with it.

But the toolstack is part of the trusted base; it should be thinking about the security implications as much as Xen should.

 -George


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.