WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m
From: "Stephen C. Tweedie" <sct@xxxxxxxxxx>
Date: Wed, 16 Jan 2008 15:36:21 +0000
Cc: Stephen Tweedie <sct@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Woller, Thomas" <thomas.woller@xxxxxxx>
Delivery-date: Wed, 16 Jan 2008 07:41:57 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C3B2BA9A.12377%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi,

On Tue, 2008-01-15 at 19:31 +0000, Keir Fraser wrote:
> If we add that printk() then it's on a path triggerable by an HVM guest (via
> the populate_physmap hypercall, for example) and there is a potential DoS
> attack. The need to modify the Xen command line to enable NPT on PAE
> hypervisor should really be caveat enough anyway.

Hardly, there's no reason at all for a user to assume that enabling NPT
in that situation will cause guest address spaces to be truncated.

Ideally we'd have a text message delivered back to the user on all
domain creations when this truncation happens.  A log message is
probably the minimum reasonable notification; truncating silently is a
pretty poor option.

There are plenty of solutions --- simply do the printk once per domain,
for example, or rate-limit it, or don't do it when the physmap is
populated but have a separate test at domain build time.  But truncating
silently seems to be one of the worst alternatives.

Cheers,
 Stephen



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel