Le Mercredi 14 Juin 2006 18:48, Magenheimer, Dan (HP Labs Fort Collins) a
écrit :
[...]
I wasn't fighting the specific patch as much as providing
history. The possibility of vcr.iva being used maliciously
is very small but vBlades evolved from a security-focused
project so validating all
Le Mardi 13 Juin 2006 21:49, Magenheimer, Dan (HP Labs Fort Collins) a écrit :
The reason that there are two groups of privileged registers,
one in privregs (directly accessible by the guest) and one
in arch_vcpu (not directly accesible) is that arch_vcpu is
for registers that are not
If the guest could randomly (maliciously or accidentally)
change iva, Xen should re-validate it before using it (e.g.
to ensure that it is not in Xen address space, to ensure
it is not an I/O address etc.)
As you noticed, these checks are not performed.
Xen address space is protected