lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <5BDB20AB020000780014251B@prv1-mh.provo.novell.com>
Date:   Thu, 01 Nov 2018 09:50:03 -0600
From:   "Jan Beulich" <jbeulich@...e.com>
To:     "Juergen Gross" <jgross@...e.com>
Cc:     <sstabellini@...nel.org>, <xen-devel@...ts.xenproject.org>,
        <boris.ostrovsky@...cle.com>, <linux-kernel@...r.kernel.org>,
        <stable@...r.kernel.org>
Subject: Re: [Xen-devel] [PATCH] xen: remove size limit of privcmd-buf
 mapping interface

>>> Juergen Gross <jgross@...e.com> 11/01/18 3:23 PM >>>
>On 01/11/2018 15:18, Jan Beulich wrote:
>>>>> Juergen Gross <jgross@...e.com> 11/01/18 1:34 PM >>>
>>> Currently the size of hypercall buffers allocated via
>>> /dev/xen/hypercall is limited to a default of 64 memory pages. For live
>>> migration of guests this might be too small as the page dirty bitmask
>>> needs to be sized according to the size of the guest. This means
>>> migrating a 8GB sized guest is already exhausting the default buffer
>>> size for the dirty bitmap.
>>>
>>> There is no sensible way to set a sane limit, so just remove it
>>> completely. The device node's usage is limited to root anyway, so there
>>> is no additional DOS scenario added by allowing unlimited buffers.
>> 
>> But is this setting of permissions what we want long term? What about a
>> de-privileged qemu, which still needs to be able to issue at least dm-op
>> hypercalls?
>
>Wouldn't that qemu have opened the node while still being privileged?

Possibly, but how does this help? As soon as it's unprivileged it must not
be able to hog resources anymore.

Anyway, with Andrew's reply my point may be irrelevant, but I have to
admit I'm not entirely sure.

Jan


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ