
Re: [Xen-devel] [PATCH v3 3/3] tools: introduce parameter max_wp_ram_ranges.



On 02/02/16 10:32, Jan Beulich wrote:
>>>> On 01.02.16 at 18:05, <Ian.Jackson@xxxxxxxxxxxxx> wrote:
>> Having said that, if the hypervisor maintainers are happy with a
>> situation where this value is configured explicitly, and the
>> configurations where a non-default value is required are expected to be
>> rare, then I guess we can live with it.
> Well, from the very beginning I have been not very happy with
> the introduction of this, and I still consider it halfway acceptable
> only because of not seeing any good alternative. If we look at
> it strictly, it's in violation of the rule we set forth after XSA-77:
> No introduction of new code making the system susceptible to
> bad (malicious) tool stack behavior

Let's take a step back here.

If your toolstack is malicious, you have already lost.  Coding Xen
around this is a waste of time.

The XSM case is for splitting out some of the privileged domain's
responsibilities to less privileged domains.  In these cases, we do
indeed want to assure that the somewhat-privileged entity cannot abuse
anything outside its area of privilege.

This specific issue concerns resource allocation during domain building
and is an area which can never ever be given to a less privileged entity.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

