
Re: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port


  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 5 Jul 2022 17:06:18 +0200
  • Cc: bertrand.marquis@xxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 05 Jul 2022 15:06:27 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.06.2022 16:51, Julien Grall wrote:
> On 22/06/2022 15:37, Rahul Singh wrote:
>> evtchn_alloc_unbound() always allocates the next available port. Static
>> event channel support for dom0less domains requires allocating a
>> specified port.
>>
>> Modify the evtchn_alloc_unbound() to accept the port number as an
>> argument and allocate the specified port if available. If the port
>> number argument is zero, the next available port will be allocated.
> 
> I haven't yet fully reviewed this series. But I would like to point out 
> that this is opening a security hole (which I thought I had mentioned before)
> that could be exploited by a guest at runtime.
> 
> You would need [1] or similar in order to fix the issue. I wrote
> "similar" because the patch could potentially be a problem if you allow 
> a guest to use FIFO (you may need to allocate a lot of memory to fill 
> the hole).

At least from an abstract pov this is an issue with the shim then as
well, at the very least when shim's and the underlying Xen's alloc
algorithms would differ. With the nature of the shim that's not a
security concern, though.

Jan



 

