[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] common/gnttab: Introduce command line feature controls



On 25/08/17 10:49, Jan Beulich wrote:
>>>> On 24.08.17 at 16:50, <andrew.cooper3@xxxxxxxxxx> wrote:
>> --- a/docs/misc/xen-command-line.markdown
>> +++ b/docs/misc/xen-command-line.markdown
>> @@ -868,6 +868,19 @@ Controls EPT related features.
>>  
>>  Specify which console gdbstub should use. See **console**.
>>  
>> +### gnttab
>> +> `= List of [ max_ver:<integer>, transitive ]`
>> +
>> +> Default: `gnttab=max_ver:2,transitive`
>> +
>> +Control various aspects of the grant table behaviour available to guests.
>> +
>> +* `max_ver` Select the maximum grant table version to offer to guests.  
>> Valid
>> +version are 1 and 2.
>> +* `transitive` Permit or disallow the use of transitive grants.  Note that 
>> the
>> +use of grant table v2 without transitive grants is an ABI breakage from the
>> +guests point of view.
> Btw, with the need to use v2 on huge systems I'm no longer
> convinced providing an option to disable it is a good idea.

"necessary to support larger systems" is not a valid reason to prevent
smaller systems having the option to reduce their hypervisor attack surface.

We have an unnecessarily large number of XSAs from hypervisor features
which noone uses, and a similarly large number of XSAs from features
which are only used in specialised usecases.

Removing unused attack surfaces in common cases makes perfect sense for
downstreams.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.