[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v8] x86/altp2m: support for setting restrictions for an array of pages

>>> On 11.12.17 at 15:50, <george.dunlap@xxxxxxxxxx> wrote:
> On 12/11/2017 01:36 PM, Jan Beulich wrote:
>>>>> On 11.12.17 at 13:50, <george.dunlap@xxxxxxxxxx> wrote:
>>> You argued that we should keep PV linear pagetables, before knowing that
>>> NetBSD used them, in spite of having discovered two *actual*
>>> vulnerabilities in the implementation.  I don't really see how this is
>>> different.
>> It's quite the opposite to me - I don't see the similarity. On this
>> thread we're talking about new functionality, and how far to
>> expose it. PV linear page tables had been there (and considered
>> supported) for years, so removing the functionality or even only
>> calling it unsupported all of the sudden didn't seem right at all.
> Well the idea of calling it unsupported was assuming that there weren't
> many people using it; finding out that NetWare, and in particular
> NetBSD, still used it changes the situation quite a bit.
> What I remember you actually saying at the time was, "We have
> functionality already, I don't see why we don't make it secure rather
> than removing it."  The same kind of argument would seem to apply here:
> We have functionality that allows a guest agent to manipulate its altp2m
> access rights; why we don't make it secure rather than removing it?

That's a good option, but the patch here doesn't do so. Instead it
increases the amount of code that will later need auditing /


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.