|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature
On 26/06/17 17:50, Ross Lagerwall wrote: > On 06/26/2017 05:39 PM, Andrew Cooper wrote: >> On 26/06/17 16:36, Ross Lagerwall wrote: >> >>> >>> * Bugs which allow a guest to prevent the application of a livepatch: >>> A guest should not be able to prevent the application of a live >>> patch. If an unprivileged guest can prevent the application of a >>> live patch, it shall be treated as a security issue. >> >> This one is harder to say. We know that enough concurrent live >> migrations can, which extends to "lots of activity in the guest". Its >> perhaps worth noting the potential workaround of `xl pause $DOM; >> xen-livepatch ...; xl unpause`. >> >> I'd prefer that we excluded situations like this from being within >> security support. "guest having heavy workloads" is normal for end >> users, so shouldn't constitute a security vulnerability, as there is >> nothing we can do about it. > > But surely live migrations cannot be triggered by the guest, only the > host administrator? I don't know of any way of triggering the timeout > from within an unprivileged guest. Every VCPU issuing a loop of decrease/increase reservation on a single gfn will cause a similar quantity of p2m lock contention. On older AMD hardware, we have to hold the p2m read lock to service hypercalls, which is why XSA-114 was issued. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |