[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines

To: "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx>, "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 07 Apr 2016 11:23:25 -0600
Cc: Keir Fraser <keir@xxxxxxx>, ross.lagerwall@xxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, Tim Deegan <tim@xxxxxxx>, mpohlack@xxxxxxxxx, sasha.levin@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 07 Apr 2016 17:23:37 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 07.04.16 at 18:19, <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Konrad Rzeszutek Wilk writes ("[PATCH v6 08/24] xsplice: Add helper elf 
> routines"):
>> From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
>> 
>> Add Elf routines and data structures in preparation for loading an
>> xSplice payload.
>> 
>> We make an assumption that the max number of sections an ELF payload
>> can have is 64. We can in future make this be dependent on the
>> names of the sections and verifying against a list, but for right now
>> this suffices.
>> 
>> Also we a whole lot of checks to make sure that the ELF payload
>> file is not corrupted nor that the offsets point past the file.
> 
> This is good, but: ideally I would like to avoid conducting a detailed
> security review of this code.
> 
> My understanding of this is that the purpose of this machinery is to
> supply binary runtime patches to the hypervisor.  So I think someone
> who can inject malicious xsplice payloads can already control the
> host.  Is that right ?
> 
> If so then bugs in this loader cannot be any security impact.

Well, in a way this depends on re-visiting the position we take
related to heavy disaggregation, which I mean to put up as a
subject on the hackathon.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v6] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [for-4.7] xen/arm64: correctly emulate the {w, x}zr registers
Next by Date: Re: [Xen-devel] [PATCH] x86/emulate: Check current->arch.vm_event in hvmemul_virtual_to_linear()
Previous by thread: Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Next by thread: Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.