WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-ia64-devel

Re: [Xen-ia64-devel] RE: PATCH: merge iva

To: "Magenheimer, Dan (HP Labs Fort Collins)" <dan.magenheimer@xxxxxx>, <xen-ia64-devel@xxxxxxxxxxxxxxxxxxx>, "Williamson, Alex (Linux Kernel Dev)" <alex.williamson@xxxxxx>
Subject: Re: [Xen-ia64-devel] RE: PATCH: merge iva
From: Tristan Gingold <Tristan.Gingold@xxxxxxxx>
Date: Thu, 15 Jun 2006 09:41:18 +0200
Delivery-date: Thu, 15 Jun 2006 00:37:31 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <516F50407E01324991DD6D07B0531AD5BC59BF@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <516F50407E01324991DD6D07B0531AD5BC59BF@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.5
Le Mercredi 14 Juin 2006 18:48, Magenheimer, Dan (HP Labs Fort Collins) a 
écrit :
[...]
> I wasn't fighting the specific patch as much as providing
> history.  The possibility of vcr.iva being used maliciously
> is very small but vBlades evolved from a security-focused
> project so validating all privileged registers to eliminate
> security holes was an early vBlades objective. 
Thank you for the historical view.

> To contrive
> an example, if an attacker could somehow change vcr.iva,
> he might be able to cause arbitrary user code to be executed
> at PL2.
I still don't understand this example: privregs are only accessible at PL2.
So the attacker has to be in PL2.  This seems to be moot.

Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

<Prev in Thread] Current Thread [Next in Thread>