Re: [Xen-devel] [PATCH v6 08/24] xsplice: Add helper elf routines
Andrew Cooper writes ("Re: [PATCH v6 08/24] xsplice: Add helper elf routines"):
> On 07/04/16 17:19, Ian Jackson wrote:
> > My understanding of this is that the purpose of this machinery is to
> > supply binary runtime patches to the hypervisor. So I think someone
> > who can inject malicious xsplice payloads can already control the
> > host. Is that right?
>
> Correct.

OK, good, then from my point of view:

Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

> > It might be worth mentioning somewhere that this loader must not be
> > used for xsplice payloads for guest kernels.
>
> I don't see how this is related. If the host admin wanted to patch
> guest kernels without using the kernel's internal self-patching
> mechanism, it would be infinitely easier to do the patching from dom0,
> using toolstack mapping powers.

Well, maybe. I was worried about someone trying to make this ELF
xsplice code dynamically patch a guest kernel at load time. That
might seem like a convenient idea to them. But if you think it's not
likely, then fine.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel