
Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg



Marek Marczykowski-Górecki writes ("Re: [XEN PATCH] tools/xl: Add 
device_model_stubdomain_init_seclabel option to xl.cfg"):
> On Mon, Jul 26, 2021 at 09:07:03AM -0400, Jason Andryuk wrote:
> > Sort of relatedly, is stubdom unpaused before the guest gets
> > relabeled?  Quickly looking, I think stubdom is unpaused.  I would
> > think you want them both relabeled before either is unpaused.  If the
> > stubdom starts with the exec_label, but it sees the guest with the
> > init_label, it may get an unexpected denial?  On the other hand,
> > delayed unpausing of stubdom would slow down booting.
> 
> Some parts of the stubdomain setup are done after it's unpaused (but
> before the guest is unpaused). Especially, PCI devices are hot-plugged
> only when QEMU is already running (not sure why).

I think the PCI hotplug involves interaction with QEMU, and providing
only hotplug simplifies the code in libxl.  Anthony, do I have that
right?

Naively, it seems to me that the security risks are limited because
until the guest is unpaused it doesn't have the ability to do
anything, so cannot yet mount an attack on qemu.  So I'm expecting
that qemu is still trustworthy until the guest is unpaused.

Ian.



 

