
[Xen-devel] Ping#2: Re: [PATCH 2/2] x86: don't allow clearing of TF_kernel_mode for other than 64-bit PV



>>> On 03.07.17 at 16:56,  wrote:
>>>> On 31.05.17 at 13:54,  wrote:
> >>>> On 31.05.17 at 13:08, <andrew.cooper3@xxxxxxxxxx> wrote:
> > > On 31/05/17 08:15, Jan Beulich wrote:
> > >> The flag is really only meant for those, both HVM and 32-bit PV tell
> > >> kernel from user mode based on CPL/RPL. Remove the all-question-marks
> > >> comment and let's be on the safe side here and also suppress clearing
> > >> for 32-bit PV (this isn't a fast path after all).
> > >>
> > >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> > > 
> > > Wouldn't it just be safer to disallow starting a 64bit PV guest in user
> > > mode?
> > > 
> > > No real kernel would do such a thing, and keeping the corner case around
> > > is bad from an attack-surface point of view.
> > 
> > If it really was "starting a guest", I would probably agree. But we're
> > talking about starting a vCPU, and I could see uses for this (not the
> > least in XTF). After all the operation allows for enough state to be
> > set up such that further initialization inside the guest may not be
> > necessary.
> 
> Any opinion here, or change of opinion on the original patch?

I'd really like to get this off my list.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

