[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] add canonical address checks to HVM



>>> Keir Fraser <keir@xxxxxxxxxxxxx> 30.11.06 18:55 >>>
>On 29/11/06 15:05, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>
>> Add proper long mode canonical address checks to PIO emulation and MSR
>> writes, the former paralleling the limit checks added for 32-bit guests.
>> Also catches two more cases in the MSR handling code where only ECX
>> (rather than RCX) should be used.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
>
>I wonder if we would be better consistently *removing* the canonical-address
>checks? It's not a security issue after all -- the check is done in hardware
>only to prevent code from ever depending on being able to use the high
>address bits for software flags. I think it is harmless to deviate from
>native behaviour on this issue and makes our emulation code smaller and
>simpler.

I think it might be a security issue:
- In MSR writes, are you certain there's not going to be any problem now or
in the future when the state gets actually loaded into CPU registers?
- In memory accesses, at least until no failures to read/write guest memory
are being ignored anymore.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.