xen-devel
RE: [Xen-devel] [PATCH] Unified shutdown code
Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> scribbled on Monday,
September 10, 2007 11:17 PM:
> On 10/9/07 22:22, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:
>
>> But the purpose of centralizing it was so that the hook into sboot's
>> shutdown wouldn't need to be in multiple places. And the reason to
>> hook into sboot's shutdown (which also supports the halt action)
>> even though the system is being halt'ed is so that we don't leave
>> some path that allows the system to be subverted or misused while
>> still having privileged access to the TPM, etc.
>
> Why is Xen running a halt loop on every CPU any more exploitable than
> Xen running normal Xen code on every CPU? If every CPU is spinning on
> HLT with interrupts disabled then the only signals that will change
> state are things like NMI, INIT, reset?
I agree that with interrupts disabled, a halt loop, VT-d protections
still in place, the IDT in place, and TXT blocking INIT, I cannot
think of any way to exploit the halt loop. And I believe that all of
these conditions are true for all cases where Xen uses halt loops. So
I'm OK with leaving the halt routines as-is.
>
> -- Keir
>
>> That said, I'm not aware of any exploitable
>> conditions/paths/environment when Xen is placed in a halt loop (at
>> least none that JTAG users wouldn't already have without waiting for
>> the system to halt), so I suppose that this extra bit of caution is
>> not really necessary. But if the EARLY_FAIL behavior gets changed
>> back to halt, is there any harm?
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel