[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] (4.5-rc1) Problems using xl migrate

To: George Dunlap <dunlapg@xxxxxxxxx>
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Tue, 25 Nov 2014 13:03:34 -0500
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, M A Young <m.a.young@xxxxxxxxxxxx>
Delivery-date: Tue, 25 Nov 2014 18:07:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 11/25/2014 05:07 AM, George Dunlap wrote:

On Mon, Nov 24, 2014 at 10:05 PM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:

I do. The error is
(XEN) flask_domctl: Unknown op 72

Incidentally, Flask is running in permissive mode.

      Michael Young


This means that the new domctl needs to be added to the switch statement
in flask/hooks.c.  This error is triggered in permissive mode because it
is a code error rather than a policy error (which is what permissive mode
is intended to debug).


If that's the case, should we make that a BUG_ON()?  Or at least an
ASSERT() (which will only bug when compiled with debug=y), followed by
allow if in permissive mode, and deny if in enforcing mode?

Having it default deny, even in permissive mode, breaks the "principle
of least surprise", I think. :-)

  -George

Either one of these will allow a guest to crash the hypervisor by requesting

an undefined domctl, which is not really a good idea.  Linux uses a flag in
the security policy which defines if unknown permissions are allowed or
denied; I will send a patch adding this to Xen's security server and using
it instead of -EPERM in the default case of the switch statements.

The patch adding this feature probably shouldn't be applied to 4.5, but I'll
send it anyway.  I will also send a separate patch adding the 2 domctls.

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] Problems using xl migrate
  - From: M A Young
- Re: [Xen-devel] Problems using xl migrate
  - From: Wei Liu
- Re: [Xen-devel] Problems using xl migrate
  - From: Andrew Cooper
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: M A Young
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: Andrew Cooper
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: M A Young
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: Daniel De Graaf
- Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
  - From: George Dunlap

Prev by Date: [Xen-devel] [PATCH] increase maxmem before calling xc_domain_populate_physmap
Next by Date: [Xen-devel] [PATCH for-4.5] xsm/flask: add two missing domctls
Previous by thread: Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
Next by thread: Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.