
Re: [Xen-devel] (4.5-rc1) Problems using xl migrate



On Tue, Nov 25, 2014 at 01:03:34PM -0500, Daniel De Graaf wrote:
> On 11/25/2014 05:07 AM, George Dunlap wrote:
> >On Mon, Nov 24, 2014 at 10:05 PM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> 
> >wrote:
> >>>I do. The error is
> >>>(XEN) flask_domctl: Unknown op 72
> >>>
> >>>Incidentally, Flask is running in permissive mode.
> >>>
> >>>      Michael Young
> >>>
> >>
> >>This means that the new domctl needs to be added to the switch statement
> >>in flask/hooks.c.  This error is triggered in permissive mode because it
> >>is a code error rather than a policy error (which is what permissive mode
> >>is intended to debug).
> >
> >If that's the case, should we make that a BUG_ON()?  Or at least an
> >ASSERT() (which will only bug when compiled with debug=y), followed by
> >allow if in permissive mode, and deny if in enforcing mode?
> >
> >Having it default deny, even in permissive mode, breaks the "principle
> >of least surprise", I think. :-)
> >
> >  -George
> Either one of these will allow a guest to crash the hypervisor by requesting
> an undefined domctl, which is not really a good idea.  Linux uses a flag in
> the security policy which defines if unknown permissions are allowed or
> denied; I will send a patch adding this to Xen's security server and using
> it instead of -EPERM in the default case of the switch statements.

Though I think that for the DEBUG case we want to still be boldly
told about it so we can fix it.
> 
> The patch adding this feature probably shouldn't be applied to 4.5, but I'll
> send it anyway.  I will also send a separate patch adding the 2 domctls.
> 
> -- 
> Daniel De Graaf
> National Security Agency
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel

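A sketch of the default-case change Daniel describes, added here as an illustration and not taken from Xen, from flask/hooks.c or from the patch he mentions: known domctl ops map to a permission check, while an unknown op falls through to a policy flag (modelled on the Linux handling of unknown permissions) instead of a bare -EPERM, and a debug build still reports the missing case. The op numbers, the `handle_unknown` flag and the `avc_has_perm` stub are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical policy flag: what the security server does with an op that
 * no case in the hook switch knows about (a code error, not a policy one). */
enum handle_unknown { DENY_UNKNOWN = 0, ALLOW_UNKNOWN = 1 };

/* Constructed op numbers; only these two are "known" to the model hook. */
#define DOMCTL_PAUSE   1
#define DOMCTL_UNPAUSE 2

/* Stub for the access-vector check; in this model known ops are granted. */
static int avc_has_perm(const char *perm)
{
    (void)perm;
    return 0;
}

/* 1 if the hook has a case for this op, 0 if it would hit the default. */
int is_known_op(int op)
{
    return op == DOMCTL_PAUSE || op == DOMCTL_UNPAUSE;
}

/* Model of the hook: the default case consults the flag rather than
 * returning -EPERM unconditionally, so permissive mode is not what decides. */
int flask_domctl(enum handle_unknown unknown, int op)
{
    switch (op) {
    case DOMCTL_PAUSE:   return avc_has_perm("pause");
    case DOMCTL_UNPAUSE: return avc_has_perm("unpause");
    default:
#ifndef NDEBUG
        /* Debug builds still say so loudly, so the missing case gets fixed. */
        fprintf(stderr, "flask_domctl: Unknown op %d\n", op);
#endif
        return unknown == ALLOW_UNKNOWN ? 0 : -EPERM;
    }
}

int main(void)
{
    /* Op 72 is the unknown op from the report; the flag decides its fate. */
    printf("deny policy, op 72  -> %d\n", flask_domctl(DENY_UNKNOWN, 72));
    printf("allow policy, op 72 -> %d\n", flask_domctl(ALLOW_UNKNOWN, 72));
    printf("deny policy, pause  -> %d\n", flask_domctl(DENY_UNKNOWN, DOMCTL_PAUSE));
    return 0;
}
```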