RE: [Xen-devel] [PATCH] Unified shutdown code
Keir Fraser <mailto:Keir.Fraser@xxxxxxxxxxxx> scribbled on Monday, September 10, 2007 11:17 PM:
> On 10/9/07 22:22, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:
>
>> But the purpose of centralizing it was so that the hook into sboot's
>> shutdown wouldn't need to be in multiple places. And the reason to
>> hook into sboot's shutdown (which also supports the halt action)
>> even though the system is being halt'ed is so that we don't leave
>> some path that allows the system to be subverted or misused while
>> still having privileged access to the TPM, etc.
>
> Why is Xen running a halt loop on every CPU any more exploitable than
> Xen running normal Xen code on every CPU? If every CPU is spinning on HLT
> with interrupts disabled then the only signals that will change state are
> things like NMI, INIT, reset?

I agree that with interrupts disabled, a halt loop, VT-d protections still in place, the IDT in place, and TXT blocking INIT, I cannot think of any way to exploit the halt loop. And I believe that all of these conditions are true for all cases where Xen uses halt loops. So I'm OK with leaving the halt routines as-is.

>
> -- Keir
>
>> That said, I'm not aware of any exploitable
>> conditions/paths/environment when Xen is placed in a halt loop (at
>> least none that JTAG users wouldn't already have without waiting for
>> the system to halt), so I suppose that this extra bit of caution is
>> not really necessary. But if the EARLY_FAIL behavior gets changed
>> back to halt, is there any harm?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel