
Re: [Xen-devel] [PATCH 3/8] libelf: loop safety: Call elf_iter_ok[_counted] in every loop



Jan Beulich writes ("Re: [PATCH 3/8] libelf: loop safety: Call elf_iter_ok[_counted] in every loop"):
> On 12.12.16 at 16:38, <ian.jackson@xxxxxxxxxxxxx> wrote:
> > So the calls to elf_memset_unchecked, to zero name and value, imply
> > that there must be a call to elf_iter_ok_counted.  The count parameter
> > should be the actual work done.
> 
> Hmm, if the rules say that, I'll then have to question the rules:
> Shouldn't accounting be based on the workload the image
> causes us, instead of our own overhead?

The purpose of the accounting is to prevent the image from causing us
to do lots of work.  The work calculation should be based on the
actual algorithm, not on some hypothetical other algorithm that might
be more efficient.

Otherwise if our algorithm is inefficient in some surprising way, when
faced with certain unusual images, that would be a DoS vulnerability.

I think it is easier to write these checks, in terms of the actual
work done, than to attempt to construct a proof that the algorithm always
only does a reasonable amount of work.

Ian.
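
The accounting rule argued for in the message above, as an added example that is not part of the original message and is not Xen's libelf code: every loop iteration is charged for the work it really performs (here, the bytes zeroed), so an image cannot hide cost behind a small iteration count. All names (`work_budget`, `budget_charge`, `process_entries`, `run_sample`) and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; this is not libelf's interface. */
struct work_budget { uint64_t remaining; bool broken; };
struct entry { uint32_t clear_len; };  /* constructed: bytes to zero per entry */

/* Charge `count` units of work; false, and sticky, once the budget is spent. */
static bool budget_charge(struct work_budget *b, uint64_t count)
{
    b->broken = b->broken || count > b->remaining;
    if (!b->broken)
        b->remaining -= count;
    return !b->broken;
}

/* Charges 1 per iteration plus the bytes memset really writes, i.e. the cost
 * of this algorithm as written. Returns entries processed, -1 on exhaustion. */
static int process_entries(const struct entry *tab, size_t n, uint8_t *scratch,
                           size_t scratch_len, struct work_budget *b)
{
    for (size_t i = 0; i < n; i++) {
        size_t want = tab[i].clear_len;
        size_t len = want < scratch_len ? want : scratch_len; /* stay in buffer */
        if (!budget_charge(b, 1 + (uint64_t)len))
            return -1;                      /* stop before doing the work */
        memset(scratch, 0, len);
    }
    return (int)n;
}

/* Constructed input: up to 64 entries, each asking for `len` bytes zeroed. */
static int run_sample(size_t n, uint32_t len, uint64_t budget)
{
    static uint8_t scratch[4096];
    struct entry tab[64];
    struct work_budget b = { budget, false };
    if (n > 64)
        n = 64;
    for (size_t i = 0; i < n; i++)
        tab[i].clear_len = len;
    return process_entries(tab, n, scratch, sizeof scratch, &b);
}

int main(void)
{
    return (run_sample(64, 8, 1000) == 64 && run_sample(64, 4096, 1000) == -1) ? 0 : 1;
}
```

Both sample runs execute the same 64 iterations; a counter that charged only one unit per iteration would accept both, while charging the bytes written rejects the second.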
