[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 10/16] SUPPORT.md: Add Debugging, analysis, crash post-portem
On 11/21/2017 08:48 AM, Jan Beulich wrote: >>>> On 13.11.17 at 16:41, <george.dunlap@xxxxxxxxxx> wrote: >> --- a/SUPPORT.md >> +++ b/SUPPORT.md >> @@ -152,6 +152,35 @@ Output of information in machine-parseable JSON format >> >> Status: Supported, Security support external >> >> +## Debugging, analysis, and crash post-mortem >> + >> +### gdbsx >> + >> + Status, x86: Supported >> + >> +Debugger to debug ELF guests >> + >> +### Soft-reset for PV guests >> + >> + Status: Supported >> + >> +Soft-reset allows a new kernel to start 'from scratch' with a fresh VM >> state, >> +but with all the memory from the previous state of the VM intact. >> +This is primarily designed to allow "crash kernels", >> +which can do core dumps of memory to help with debugging in the event of a >> crash. >> + >> +### xentrace >> + >> + Status, x86: Supported >> + >> +Tool to capture Xen trace buffer data >> + >> +### gcov >> + >> + Status: Supported, Not security supported > > I agree with excluding security support here, but why wouldn't the > same be the case for gdbsx and xentrace? From my initial post: --- gdbsx security support: Someone may want to debug an untrusted guest, so I think we should say 'yes' here. xentrace: Users may want to trace guests in production environments, so I think we should say 'yes'. gcov: No good reason to run a gcov hypervisor in a production environment. May be ways for a rogue guest to DoS. --- xentrace I would argue for security support; I've asked customers to send me xentrace data as part of analysis before. I also know enough about it that I'm reasonably confident the risk of an attack vector is pretty low. I don't have a strong opinion on gdbsx; I'd call it 'supported', but if you think we need to exclude it from security support I'm happy with that as well. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |