Anthony Liguori writes ("Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM
shim"):
> hvmloader is still used. The full HVM boot stack is intact so it's
> hvmloader -> {pcbios,seabios} -> boot loader.
>
> For testing, I've been using grub as the boo
On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
> On Mon, Jan 8, 2018 at 4:11 AM, Roger Pau Monné wrote:
> > On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
> >> Hi Anthony
> >>
> >> On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
> >> > From: Anthony Lig
On Mon, Jan 8, 2018 at 9:34 AM, Wei Liu wrote:
> On Mon, Jan 08, 2018 at 09:03:44AM -0800, Anthony Liguori wrote:
>> On Mon, Jan 8, 2018 at 8:39 AM, Ian Jackson
>> wrote:
>> > Wei Liu writes ("Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim"):
>>
On Mon, Jan 08, 2018 at 09:03:44AM -0800, Anthony Liguori wrote:
> On Mon, Jan 8, 2018 at 8:39 AM, Ian Jackson wrote:
> > Wei Liu writes ("Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim"):
> >> On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
>
On Mon, Jan 8, 2018 at 8:30 AM, Wei Liu wrote:
> On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
>> On Mon, Jan 8, 2018 at 4:11 AM, Roger Pau Monné wrote:
>> > On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
>> >> Hi Anthony
>> >>
>> >> On Sat, Jan 06, 2018 at 02:54:15PM
On Mon, Jan 8, 2018 at 8:39 AM, Ian Jackson wrote:
> Wei Liu writes ("Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim"):
>> On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
>> > OTOH, the HVM version of the series requires no tools changes an
On Jan 8, 2018 8:28 AM, "George Dunlap" wrote:
On Mon, Jan 8, 2018 at 4:02 PM, Anthony Liguori
wrote:
>>> I do want to make the shim be able to run in both pvh and hvm mode
>>> (which doesn't seem to be too hard in practice).
>>
>> AFAIK the pv-shim code will already work in HVM mode. It's just
Wei Liu writes ("Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim"):
> On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
> > OTOH, the HVM version of the series requires no tools changes and
> > works on Xen versions going back to 3.4 (at least).
That
On Mon, Jan 08, 2018 at 08:02:07AM -0800, Anthony Liguori wrote:
> On Mon, Jan 8, 2018 at 4:11 AM, Roger Pau Monné wrote:
> > On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
> >> Hi Anthony
> >>
> >> On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
> >> > From: Anthony Lig
On Mon, Jan 8, 2018 at 4:02 PM, Anthony Liguori wrote:
>>> I do want to make the shim be able to run in both pvh and hvm mode
>>> (which doesn't seem to be too hard in practice).
>>
>> AFAIK the pv-shim code will already work in HVM mode. It's just that
>> booting the pv-shim in HVM mode requires
On Mon, Jan 8, 2018 at 4:11 AM, Roger Pau Monné wrote:
> On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
>> Hi Anthony
>>
>> On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
>> > From: Anthony Liguori
>> >
>> > CVE-2017-5754 is problematic for paravirtualized x86 domUs be
On Mon, Jan 08, 2018 at 12:11:55PM +, Roger Pau Monné wrote:
> On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
> > Hi Anthony
> >
> > On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
> > > From: Anthony Liguori
> > >
> > > CVE-2017-5754 is problematic for paravirtual
On Mon, Jan 08, 2018 at 11:54:57AM +, Wei Liu wrote:
> Hi Anthony
>
> On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
> > From: Anthony Liguori
> >
> > CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> > appears to be very difficult to isolate the hyper
Hi Anthony
On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote:
> From: Anthony Liguori
>
> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> appears to be very difficult to isolate the hypervisor's page tables
> from PV domUs while maintaining ABI compatibility
I sent a v2 out with most of the changes discussed in this thread.
The only things missing are getting rid of hardware_domain and
ECS_RESERVED vs. ECS_PROXY.
Regards,
Anthony Liguori
On Sat, Jan 6, 2018 at 4:05 PM, Anthony Liguori wrote:
> On Sat, Jan 6, 2018 at 3:50 PM, Andrew Cooper
> wrote
On Sat, Jan 6, 2018 at 3:50 PM, Andrew Cooper wrote:
> On 06/01/2018 22:54, Anthony Liguori wrote:
>> From: Anthony Liguori
>>
>> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
>> appears to be very difficult to isolate the hypervisor's page tables
>> from PV domUs while ma
On Sat, Jan 06, 2018 at 11:50:46PM +, Andrew Cooper wrote:
> On 06/01/2018 22:54, Anthony Liguori wrote:
> > Please note the Xen page table configuration fundamental to the
> > current PV ABI makes it impossible for an operating system to mitigate
> > CVE-2017-5754 through mechanisms like Kerne
On 06/01/2018 22:54, Anthony Liguori wrote:
> From: Anthony Liguori
>
> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> appears to be very difficult to isolate the hypervisor's page tables
> from PV domUs while maintaining ABI compatibility. Instead of trying
> to make a K
On Sat, Jan 6, 2018 at 2:54 PM, Anthony Liguori wrote:
> From: Anthony Liguori
>
> CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
> appears to be very difficult to isolate the hypervisor's page tables
> from PV domUs while maintaining ABI compatibility. Instead of trying
>
From: Anthony Liguori
CVE-2017-5754 is problematic for paravirtualized x86 domUs because it
appears to be very difficult to isolate the hypervisor's page tables
from PV domUs while maintaining ABI compatibility. Instead of trying
to make a KPTI-like approach work for Xen PV, it seems reasonable