|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
On Wed, 2016-11-02 at 04:59 -0600, Jan Beulich wrote: > > > > On 02.11.16 at 11:22, <dario.faggioli@xxxxxxxxxx> wrote: > > The control domain can issue DOMCTL_SCHEDOP and SYSCTL_SCHEDOP > > hypercalls. Auditing such code, nothing that looks like a security > > risk has been found (E.g., there's no risk of leaking content of > > the hypervisor stack, as no buffer/local variables is returned). > > There certainly are buffers being returned here. Namely in the > credit2 case there's also a 32-bit padding field in the domctl > interface structure (and uniformly for all schedulers there's one > in the sysctl structure), which provides the fundamental means > to leak stack data. However, none of this is a problem, both > because iirc leaking stack data to Dom0 is not really considered > a security issue, and because of the way the structures get > dealt with. > Right, what I meant is really "none of this is a problem [...] because of the way the structures get dealt with". I.e., there is nothing like what made e0e3b8f64730f3ee necessary. > Nevertheless I think the above paragraph should be > re-worded. > Yep, I certainly could have said it better. But if leaking to Dom0 is not worth being considered, I guess I can just remove the paragraph entirely, can't I? Thanks and Regards, Dario -- <<This happens because I choose it to happen!>> (Raistlin Majere) ----------------------------------------------------------------- Dario Faggioli, Ph.D, http://about.me/dario.faggioli Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK) Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |