[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Is exposing shared_info to user-land secure?

To: "dan.magenheimer@xxxxxxxxxx" <dan.magenheimer@xxxxxxxxxx>
From: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Date: Fri, 01 Aug 2008 13:31:23 -0700
Cc: "Xen-Devel \(E-mail\)" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 01 Aug 2008 13:31:48 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Dan Magenheimer wrote:

Is it "safe" in a paravirtualized guest to expose shared_info
(at least read-only) to user-land?  That is, is there data
in shared_info that could be used by a malicious program to
compromise a guest OS (ignoring very complex side-channel
attacks anyway)?

We have apps that constantly do various time syscalls (e.g.
to gettimeofday()) and I'm thinking if vcpu_info(cpu)->time_info
was directly readable by an enterprise app, it could do
the time calculations itself and save the syscall overhead.

You can use the HYPERVISOR_vcpu_op(VCPUOP_register_vcpu_info, )hypercall to move the vcpu structure out of the shared info structure;that could be placed somewhere mappable. Though currently I use it toput it into the percpu data area for quick kernel access; it definitelywouldn't be mappable by userspace there (well, not without padding itout to its own page, at least).


   J

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] Is exposing shared_info to user-land secure?
  - From: Dan Magenheimer

Prev by Date: Re: [PATCH] Re: [Xen-devel] distclean failure
Next by Date: Re: [Xen-devel] Is exposing shared_info to user-land secure?
Previous by thread: Re: [Xen-devel] Is exposing shared_info to user-land secure?
Next by thread: [Xen-devel] [PATCH] Allow xm to spawn vnc viewer
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.