Re: [PATCH] paravirt.h

From: Zachary Amsden
Date: Tue Aug 22 2006 - 13:33:53 EST

Andi Kleen wrote:
On Tuesday 22 August 2006 16:25, Adrian Bunk wrote:
On Tue, Aug 22, 2006 at 03:50:57PM +0200, Andi Kleen wrote:
this would need a "const after boot" section; which is really not hard
to make and probably useful for a lot more things.... todo++
except for anything that needs tlb entries in user space. And it only gives you
false sense of security. --todo
What's the alternative?

The alternative is to not protect it, since protecting it doesn't
offer any significant additional security over not protecting it.

Didn't someone point out yet that if you are vulnerable to someone loading a kernel module of their choosing, you lose, plain and simple? You don't need paravirt-ops to implement a rootkit, and it doesn't make it any easier, and write protecting it is totally useless. How do you think VMware runs on Linux? It takes over the hardware entirely, loads a hypervisor, and starts running in a completely different world. And it doesn't even need to use a single _GPL'd export to do that.

Write protection is great as a debug option to find accidental memory corruptions. It is useless as a technique to prevent subversion. Um hello, you're already at CPL-0. Just rewrite the page tables already.

Change it from a struct to a compile time choice?

One of the design goals of paravirt-ops was to allow single binaries
that run on both native hardware and on hypervisors. So that would
be a non starter.

Strongly agree.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at