[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.9] livepatch: Declare live patching as a supported feature



On 26/06/17 17:50, Ross Lagerwall wrote:
> On 06/26/2017 05:39 PM, Andrew Cooper wrote:
>> On 26/06/17 16:36, Ross Lagerwall wrote:
>>
>>>
>>> * Bugs which allow a guest to prevent the application of a livepatch:
>>>      A guest should not be able to prevent the application of a live
>>>      patch. If an unprivileged guest can prevent the application of a
>>>      live patch, it shall be treated as a security issue.
>>
>> This one is harder to say.  We know that enough concurrent live
>> migrations can, which extends to "lots of activity in the guest".  Its
>> perhaps worth noting the potential workaround of `xl pause $DOM;
>> xen-livepatch ...; xl unpause`.
>>
>> I'd prefer that we excluded situations like this from being within
>> security support.  "guest having heavy workloads" is normal for end
>> users, so shouldn't constitute a security vulnerability, as there is
>> nothing we can do about it.
>
> But surely live migrations cannot be triggered by the guest, only the
> host administrator? I don't know of any way of triggering the timeout
> from within an unprivileged guest.

Every VCPU issuing a loop of decrease/increase reservation on a single
gfn will cause a similar quantity of p2m lock contention.

On older AMD hardware, we have to hold the p2m read lock to service
hypercalls, which is why XSA-114 was issued.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.