Re: [Xen-devel] [PATCH for-4.5 v6 00/16] Xen VMware tools support
At 16:00 -0400 on 26 Sep (1411743641), Don Slutz wrote:
> On 09/25/14 06:37, Tim Deegan wrote:
> > At 17:18 +0100 on 22 Sep (1411402700), Jan Beulich wrote:
> >>>>> On 22.09.14 at 17:38, <george.dunlap@xxxxxxxxxxxxx> wrote:
> >> That's indeed what was said so far. I wonder though whether opening
> >> this up without guest OS consent isn't going to introduce a security
> >> issue inside the guest (depending on the exact functionality of these
> >> hypercalls).
> > Yes indeed. VMware seems to have CPL checks on some of the commands
> > (but not all). I guess Xen will be no worse than VMware if we do the
> > same, though I'd like to have an official spec to follow for that.
>
> Yes, VMware has CPL checks on some of the commands. Not at all
> clear the include file has the correct statement. I have not done any
> checking of CPL nor does QEMU.

That needs to be fixed somewhere. If Xen/Qemu is going to provide
this interface it _must_ copy the privilege checks, even if we don't
understand why they're there -- in fact, _especially_ if we don't
understand why they're there! :) If the third-party header file isn't
a reliable source, you'll have to determine the correct behaviour by
experiment.

> I could look into doing this, but with the xl.cfg flag vmware_port=0
> turns this all off, I do not see any need for CPL checking.

I strongly disagree with this. If our implementation of this
interface makes guest OSes less secure than they would be under actual
VMware then the config option is irrelevant.

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel