|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] add canonical address checks to HVM
>>> Keir Fraser <keir@xxxxxxxxxxxxx> 01.12.06 09:07 >>> >On 1/12/06 8:05 am, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote: > >> I think it might be a security issue: >> - In MSR writes, are you certain there's not going to be any problem now or >> in the future when the state gets actually loaded into CPU registers? >> - In memory accesses, at least until no failures to read/write guest memory >> are being ignored anymore. > >We should be defensive about guest reads/writes/MSR-accesses anyway. I.e., >we should at least accept faults on those accesses, and make sure the worst >that happens is a domain crash. That I take for granted. But it's far from optimal. I don't know about modern Windows (has been too long since I was last looking at their handling of this), but at least Linux takes precautions when doing potentially dangerous accesses in so many places that it would seem unreasonable to crash a domain when it could be passed a simple fault at the right point, and let it decide for itself whether it wants to die. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |