[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself

  • To: "Li, Xin" <xin.li@xxxxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Keir Fraser <keir.xen@xxxxxxxxx>
  • Date: Wed, 01 Jun 2011 21:43:42 +0100
  • Cc:
  • Delivery-date: Thu, 02 Jun 2011 03:28:34 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=JeuryyTisoLKM2kPPPMGtZ2AZ6XD9Ry0U8fXKD5DYMTlUhWLcPLYXivUEPqJ9klAuY 0RvMVisL4VfSooW4z10Cg75SyrulCdcaSXYh2cBkHPKqSLGA75y4m73zSWvSVC3DWKoo XlfHUum8M1ZhUUBRn153UFifYmyT1ON+onN/U=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcwgVcdx+MEnPLpEQiCW7V8mG/kTcwAB1C2gAATM9UkAATxcMAAJ1pbS
  • Thread-topic: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
On 01/06/2011 17:15, "Li, Xin" <xin.li@xxxxxxxxx> wrote:

>>> This patch enables SMEP in Xen to protect Xen hypervisor from executing pv
>>> guest code,
>> 
>> Well not really. In the case that *Xen* execution triggers SMEP, you should
>> crash.
> 
> You don't expect Xen can trigger SMEP? somehow I agree, but in case there is
> any null pointer in Xen, an evil pv guest can easily get control of the
> system.

Of course. I don't disagree there can be bugs in Xen. :-)

>> 
>>> and kills a pv guest triggering SMEP fault.
>> 
>> Should only occur when the guest kernel triggers the SMEP.
> 
> According to code base size, it's much easier for malicious applications to
> explore
> security holes in kernel.  But unluckily SMEP doesn't apply to the ring 3
> where
> x86_64 pv kernel runs on.  It's wiser to use HVM :)

Yep, but 32-bit guests can still benefit.

>> Basically you need to pull your check out of spurious_page_fault() and into
>> the two callers, because their responses should differ (one crashes the
>> guest, the other crashes the hypervisor).
>> Please define an enumeration for the return codes from spurious_pf, rather
>> than using magic numbers.
> 
> Will do.

Thanks.

 - Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.