[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Is exposing shared_info to user-land secure?

I think it might be okay. One issue is that how to let the user-space
process know what vcpu it is running on, so it can use the correct timestamp
info in a way that is safe against preemption. Bear in mind that the user
address space may be shared by multiple concurrent threads on different
VCPUs! If you assume consistent-tsc across all CPUs then the task is easier,
but I don't think we'll want to bake that assumption into guest kernels and
their interface to user processes.

 -- Keir

On 1/8/08 17:13, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx> wrote:

> Is it "safe" in a paravirtualized guest to expose shared_info
> (at least read-only) to user-land?  That is, is there data
> in shared_info that could be used by a malicious program to
> compromise a guest OS (ignoring very complex side-channel
> attacks anyway)?
> We have apps that constantly do various time syscalls (e.g.
> to gettimeofday()) and I'm thinking if vcpu_info(cpu)->time_info
> was directly readable by an enterprise app, it could do
> the time calculations itself and save the syscall overhead.
> Comments?
> Thanks,
> Dan
> ===================================
> Thanks... for the memory
> I really could use more / My throughput's on the floor
> The balloon is flat / My swap disk's fat / I've OOM's in store
> Overcommitted so much
> (with apologies to the late great Bob Hope)
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.