Re: [PATCH] paravirt.h

From: Zachary Amsden
Date: Tue Aug 22 2006 - 13:13:50 EST

Next message: abriel fabian: "urgent response"
Previous message: Jari Sundell: "Re: [take12 0/3] kevent: Generic event handling mechanism."
In reply to: Andi Kleen: "Re: [PATCH] paravirt.h"
Next in thread: Arjan van de Ven: "Re: [PATCH] paravirt.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andi Kleen wrote:

I don't see why paravirt ops is that much more sensitive
than most other kernel code.

It would be a lot safer if we could have the struct paravirt_ops in
protected read-only const memory space, set it up in the core kernel
early on in boot when we play "guess todays hypervisor" and then make
sure it stays in read only (even to kernel) space.

By default we don't make anything read only because that would
mess up the 2MB kernel mapping.

In general i don't think making select code in the kernel
read only is a good idea, because as long as you don't
protect everything including stacks etc. there will be always
attack points where supposedly protected code relies on unprotected state. If someone can write to kernel
memory you already lost.

And it adds TLB pressure.

And it doesn't work for VMI or lhype, both of which might modify paravirt_ops way later in the boot process, when loaded as a module. Where did this conversation come from? I don't see it on any list I'm subscribed to.

Zach
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: abriel fabian: "urgent response"
Previous message: Jari Sundell: "Re: [take12 0/3] kevent: Generic event handling mechanism."
In reply to: Andi Kleen: "Re: [PATCH] paravirt.h"
Next in thread: Arjan van de Ven: "Re: [PATCH] paravirt.h"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]