[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: HVM/PVH Balloon crash
On Thu, Sep 30, 2021 at 09:08:34AM +0200, Jan Beulich wrote: > On 29.09.2021 17:31, Elliott Mitchell wrote: > > > > Copy and paste from the xl.cfg man page: > > > > nestedhvm=BOOLEAN > > Enable or disables guest access to hardware virtualisation > > features, e.g. it allows a guest Operating System to also > > function > > as a hypervisor. You may want this option if you want to run > > another hypervisor (including another copy of Xen) within a Xen > > guest or to support a guest Operating System which uses hardware > > virtualisation extensions (e.g. Windows XP compatibility mode on > > more modern Windows OS). This option is disabled by default. > > > > "This option is disabled by default." doesn't mean "this is an > > experimental feature with no security support and is likely to crash the > > hypervisor". > > Correct, but this isn't the only place to look at. Quoting > SUPPORT.md: You expect everyone to memorize SUPPORT.md (almost 1000 lines) before trying to use Xen? Your statement amounts to saying you really expect that. People who want to get work done will look at `man xl.cfg` when needed, and follow instructions. Mentioning something in `man xl.cfg` amounts to a statment "this is supported". Experimental/unsupported options need to be marked "EXPERIMENTAL: DO NOT ENABLE IN PRODUCTION ENVIRONMENTS". > Yet that's still a configuration error (of the guest), not a bug in > Xen. Documentation that poor amounts to a security vulnerability. I would suggest this needs 2 extra enablers. First, this has potential to panic the hypervisor. As such there needs to be an "enable_experimental=" option for the Xen command-line. The argument would be a list of features to enable ("nestedhvm" for this case). If this is absent, the hypervisor should ideally disable as much of the code related to the unsupported/experimental features as possible. Second, since this needs to be enabled per-domain, there should be a similar "enable_experimental" setting for xl.cfg options. I think this really is bad enough to warrant a security vulnerability and updates to all branches. -- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sigmsg@xxxxxxx PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |