[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.

To: "Dario Faggioli" <dario.faggioli@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 02 Nov 2016 05:29:26 -0600
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anshul Makkar <anshul.makkar@xxxxxxxxxx>, IanJackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, security@xxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 02 Nov 2016 11:32:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 02.11.16 at 12:22, <dario.faggioli@xxxxxxxxxx> wrote:
> On Wed, 2016-11-02 at 04:59 -0600, Jan Beulich wrote:
>> > > > On 02.11.16 at 11:22, <dario.faggioli@xxxxxxxxxx> wrote:
>> > The control domain can issue DOMCTL_SCHEDOP and SYSCTL_SCHEDOP
>> > hypercalls. Auditing such code, nothing that looks like a security
>> > risk has been found (E.g., there's no risk of leaking content of
>> > the hypervisor stack, as no buffer/local variables is returned).
>> 
>> There certainly are buffers being returned here. Namely in the
>> credit2 case there's also a 32-bit padding field in the domctl
>> interface structure (and uniformly for all schedulers there's one
>> in the sysctl structure), which provides the fundamental means
>> to leak stack data. However, none of this is a problem, both
>> because iirc leaking stack data to Dom0 is not really considered
>> a security issue, and because of the way the structures get
>> dealt with. 
>>
> Right, what I meant is really "none of this is a problem [...] because
> of the way the structures get dealt with".
> 
> I.e., there is nothing like what made e0e3b8f64730f3ee necessary.
> 
>> Nevertheless I think the above paragraph should be
>> re-worded.
>> 
> Yep, I certainly could have said it better. But if leaking to Dom0 is
> not worth being considered, I guess I can just remove the paragraph
> entirely, can't I?

Well, stating this fact explicitly is imo better than omitting it just
for someone to later ask "And what about ..." Arguably this could
be said in one short sentence, though.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
  - From: Dario Faggioli
- Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
  - From: Dario Faggioli

Prev by Date: Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
Next by Date: Re: [Xen-devel] [PATCH 1/3] xen/err: Use static inlines and boolean types
Previous by thread: Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
Next by thread: [Xen-devel] [xen-unstable-coverity test] 101857: all pass - PUSHED
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.