Re: [Xen-devel] [PATCH v8] x86/altp2m: support for setting restrictions for an array of pages
>>> On 11.12.17 at 15:50, <george.dunlap@xxxxxxxxxx> wrote:
> On 12/11/2017 01:36 PM, Jan Beulich wrote:
>>>>> On 11.12.17 at 13:50, <george.dunlap@xxxxxxxxxx> wrote:
>>> You argued that we should keep PV linear pagetables, before knowing that
>>> NetBSD used them, in spite of having discovered two *actual*
>>> vulnerabilities in the implementation. I don't really see how this is
>>> different.
>>
>> It's quite the opposite to me - I don't see the similarity. On this
>> thread we're talking about new functionality, and how far to
>> expose it. PV linear page tables had been there (and considered
>> supported) for years, so removing the functionality or even only
>> calling it unsupported all of the sudden didn't seem right at all.
>
> Well the idea of calling it unsupported was assuming that there weren't
> many people using it; finding out that NetWare, and in particular
> NetBSD, still used it changes the situation quite a bit.
>
> What I remember you actually saying at the time was, "We have
> functionality already, I don't see why we don't make it secure rather
> than removing it." The same kind of argument would seem to apply here:
> We have functionality that allows a guest agent to manipulate its altp2m
> access rights; why we don't make it secure rather than removing it?

That's a good option, but the patch here doesn't do so. Instead it
increases the amount of code that will later need auditing / altering.

Jan