lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070209135739.GB18080@muc.de>
Date:	Fri, 9 Feb 2007 14:57:39 +0100
From:	Andi Kleen <ak@....de>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	virtualization@...ts.osdl.org,
	lkml - Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...l.org>, Sam Ravnborg <sam@...nborg.org>
Subject: Re: [PATCH 6/10] lguest code: the little linux hypervisor.

On Fri, Feb 09, 2007 at 11:39:31PM +1100, Rusty Russell wrote:
> On Fri, 2007-02-09 at 11:09 +0100, Andi Kleen wrote:
> > > +# This links the hypervisor in the right place and turns it into a C array.
> > > +$(obj)/hypervisor-raw: $(obj)/hypervisor.o
> > > +	@$(LD) -static -Tdata=`printf %#x $$(($(HYPE_ADDR)))` -Ttext=`printf %#x $$(($(HYPE_ADDR)+$(HYPE_DATA_SIZE)))` -o $@ $< && $(OBJCOPY) -O binary $@
> > > +$(obj)/hypervisor-blob.c: $(obj)/hypervisor-raw
> > > +	@od -tx1 -An -v $< | sed -e 's/^ /0x/' -e 's/$$/,/' -e 's/ /,0x/g' > $@
> > 
> > an .S file with .incbin is more efficient and simpler
> > (note it has to be an separate .S file, otherwise icecream/distcc break) 
> > 
> > It won't allow to show off any sed skills, but I guess we can live with that ;-)
> 
> Good idea, except I currently use sizeof(hypervisor_blob): I'd have to
> extract the size separately and hand it in the CFLAGS 8(

hypervisor_start:
	.incbin "hypervisor"
hypervisor_end:

...
	extern char hypervisor_start[], hypervisor_end[];

	size = hypervisor_end - hypervisor_start;

	


> > > +static int cpu_had_pge;
> > > +static struct {
> > > +	unsigned long offset;
> > > +	unsigned short segment;
> > > +} lguest_entry;
> > > +struct page *hype_pages; /* Contiguous pages. */
> > 
> > Statics? looks funky.  Why only a single hypervisor_vma?
> 
> We only have one switcher: it contains an array of "struct
> lguest_state"; one for each guest.  (This is host code we're looking at
> here).

This means it is not SMP safe? 

> No, the guest should not be able to evoke a printk from the host kernel.

This means nobody will know why it failed.

> > > +	else if (i < FIRST_EXTERNAL_VECTOR || i == SYSCALL_VECTOR)
> > > +		setup_idt(lg, i, &d);
> > > +	/* A virtual interrupt */
> > > +	else if (i < FIRST_EXTERNAL_VECTOR + LGUEST_IRQS)
> > > +		copy_trap(lg, &lg->interrupt[i-FIRST_EXTERNAL_VECTOR], &d);\
> > 
> > switch is not cool enough anymore?
> 
> It would have to be a switch then gunk at the bottom, because those last
> two tests don't switch-ify.  IIRC I changed back from a switch because
> of that.

gcc has a handy extension for this: 

case 0...FIRST_EXTERNAL_VECTOR-1:
case SYSCALL_VECTOR:
case FIRST_EXTERNAL_VECTOR...FIRST_EXTERNAL_VECTOR+LGUEST_IRQS:


Re: the loops; e.g. we used to have possible loop cases
when a page fault does read instructions and then causes another
page fault etc.etc. I haven't seen any immediate danger of this,
but it might be worth double checking.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ