lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060804070142.GW2654@sequoia.sous-sol.org>
Date:	Fri, 4 Aug 2006 00:01:42 -0700
From:	Chris Wright <chrisw@...s-sol.org>
To:	Antonio Vargas <windenntw@...il.com>
Cc:	Chris Wright <chrisw@...s-sol.org>, Andrew Morton <akpm@...l.org>,
	Jeremy Fitzhardinge <jeremy@...source.com>, greg@...ah.com,
	zach@...are.com, linux-kernel@...r.kernel.org, torvalds@...l.org,
	hch@...radead.org, rusty@...tcorp.com.au, jlo@...are.com,
	xen-devel@...ts.xensource.com, simon@...source.com,
	ian.pratt@...source.com, jeremy@...p.org
Subject: Re: A proposal - binary

* Antonio Vargas (windenntw@...il.com) wrote:
> One feature I found missing at the paravirt patches is to allow the
> user to forbid the use of paravirtualization of certain features (via
> a bitmask on the kernel commandline for example) so that the execution
> drops into the native hardware virtualization system. Such a feature

There is no native harware virtualization system in this picture.  Maybe
I'm just misunderstanding you.

> would provide a big upwards compatibility for the kernel<->hypervisor
> system. The case for this would be needing to forcefully upgrade the
> hypervisor due to security issues and finding out that the hypervisor
> is  incompatible at the paravirtualizatrion level, then the user would
> be at least capable of continuing to run the old kernel with the new
> hypervisor until the compatibility is reached again.

This seems a bit like a trumped up example, as randomly disabling a part
of the pv interface is likely to cause correctness issues, not just
performance degradation.

Hypervisor compatibility is a slightly separate issue here.  There's two
interfaces.  The linux paravirt interface is internal to the kernel.
The hypervisor interface is external to the kernel.

kernel <--pv interface--> paravirt glue layer <--hv interface--> hypervisor

So changes to the hypervisor must remain ABI compatible to continue
working with the same kernel.  This is the same requirement the kernel
has with the syscall interface it provides to userspace.

> BTW, what is the recommended distro or kernel setup to help testing
> the latest paravirt patches? I've got a spare machine (with no needed
> data) at hand which could be put to good use.

Distro of choice.  Current kernel with the pv patches[1], but be
forewarned, they are very early, and not fully booting.

thanks,
-chris

[1] mercurial patchqueue http://ozlabs.org/~rusty/paravirt/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ