On 07/08/15 13:51, Ben Catterall wrote:
>
> I don't know if we can make these synchronous as we need a way to
> interrupt the vcpu if it's spinning for a long time. Otherwise an
> attacker could just spin in depriv and cause a DoS. With that in mind,
> the scheduler may decide to migrate the vcpu whilst it's in depriv mode
> which would mean this per-pcpu data is held in the stack copy which is
> then migrated to another pcpu incorrectly.

IMO, DoS attacks on depriv'd emulators aren't very interesting. I think it is counter-productive to address this attack in this initial implementation at the expense (delays/complexity/etc.) of solving the key requirement of mitigating information leaks and privilege escalation attacks.

David

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel