Re: [Xen-devel] [PATCH 2/2] x86: don't allow clearing of TF_kernel_mode for other than 64-bit PV

>>> On 31.05.17 at 13:08, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 31/05/17 08:15, Jan Beulich wrote:
>> The flag is really only meant for those, both HVM and 32-bit PV tell
>> kernel from user mode based on CPL/RPL. Remove the all-question-marks
>> comment and let's be on the safe side here and also suppress clearing
>> for 32-bit PV (this isn't a fast path after all).
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> Wouldn't it just be safer to disallow starting a 64bit PV guest in user
> mode?
>
> No real kernel would do such a thing, and keeping the corner case around
> is bad from an attack-surface point of view.

If it really was "starting a guest", I would probably agree. But
we're talking about starting a vCPU, and I could see uses for this
(not the least in XTF). After all the operation allows for enough
state to be set up such that further initialization inside the guest
may not be necessary.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel