
Re: [Xen-devel] [PATCH MM-PART3 v2 11/12] xen/arm: mm: Don't open-code Xen PT update in {set, clear}_fixmap()



On Thu, 13 Jun 2019, Julien Grall wrote:
> Hi Stefano,
> 
> On 13/06/2019 19:51, Stefano Stabellini wrote:
> > On Thu, 13 Jun 2019, Julien Grall wrote:
> >> On 6/12/19 11:33 PM, Stefano Stabellini wrote:
> >>> On Tue, 14 May 2019, Julien Grall wrote:
> > I think the basic principle is that with BUG_ON it is "easy" for a guest to
> > be able to trigger it, potentially causing a DOS. Without the BUG_ON,
> > the guest is unlikely to be able to trigger a crash. However, if all the
> > calls happen during boot in regards to operations that have nothing to
> > do with guest behavior, then it is fine.
> 
> Sadly, we don't seem to have used that approach on Arm so far. We have
> quite a few BUG_ON() that could be triggered by the guest. For instance,
> we used it to confirm that we interpreted the spec correctly... (see
> GUEST_BUG_ON). The rationale was that a DOS is better than a data leak.
> 
> I have a series to try to reduce such BUG_ON.

Good!


> > 
> > I checked all the call sites and I agree that in this case they are all
> > done during boot only. So in this case it is OK to have the
> > panic/BUG_ON.
> 
> Can I consider this as an acked-by/reviewed-by?

Yes
