| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jul 2012 14:32:13 -0400 From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> To: Olaf Hering <olaf@...fle.de> Cc: Daniel Kiper <dkiper@...-space.pl>, xen-devel@...ts.xensource.com, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, Jan Beulich <JBeulich@...e.com> Subject: Re: [Xen-devel] incorrect layout of globals from head_64.S during kexec boot On Tue, Jul 10, 2012 at 08:09:53PM +0200, Olaf Hering wrote: > On Tue, Jul 10, Konrad Rzeszutek Wilk wrote: > > > On Tue, Jul 10, 2012 at 05:23:08PM +0200, Olaf Hering wrote: > > > I was not thinking of statically allocated pages but some new concept of > > > allocating such shared pages. Shouldnt there be some dedicated area in > > > the E820 table which has to be used during the whole life time of the > > > guest? > > > > Not that I can see. But I don't see why that could not be added? Perhaps > > the HVM loader can make it happen? But then how would it tell the kernel > > that this E820_RESERVED is the shared_info one. Not the other ones.. > > Maybe just use a new E820 type for this sort of thing? Its just the Ewww. > question wether some other OS can cope with an unknown type. From my > reading of the e820 related code a region with an unknown type is just > ignored. Sure. And we could scan it.. but scanning E820_UNKNOWN for some magic header seems .. hacky. > > > > Are there more shared areas or is it just the shared info page? > > > > > > > And I am kind of worried that moving it to the .data section won't > > > > be completly safe - as the decompressor might blow away that part too. > > > > > > The decompressor may just clear the area, but since there is no way to > > > tell where the shared pages are its always a risk to allocate them at > > > compile time. > > > > Yeah, and with the hypervisor potentially still updating the "old" > > MFN before the new kernel has registered the new MFN, we can end up > > corrupting the new kernel. Ouch. > > > > Would all of these issues disappear if the hypervisor had a hypercall > > that would stop updating the shared info? or just deregister the MFN? > > What if you ripped the GMFN out using 'decrease_reservation' hypercall? > > Would that eliminate the pesky GMFN? > > I'm not sure, most likely the gfn will just disappear from the guest, > like a ballooned page disappears. Accessing it will likely cause a > crash. What about an populate_physmap right afterwards to stick a newly minted GMFN in its place? I don't really know whether this dance of balloon out/balloon in the same GMFN will break the shared_info relationship. Perhaps not? What we are going for is to stop the hypervisor from using the shared_info MFN... perhaps there are other ways to do this? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists