On 05/07/16 12:22, Anthony PERARD wrote:
> Hi,
>
> I've taken over the work from Ben to have a deprivileged mode in the
> hypervisor, but I'm unsure about which direction to take.

You should begin with an evaluation of available options, identifying
which issues are mitigated, those which are not, and which new
risks are introduced.

E.g.

1) De-privileging the x86 instruction emulator into hypervisor ring3
Issues mitigated:
* Out of bounds pointer accesses.
Issues not mitigated:
* On-stack state corruption.
Risks:
* Introduces what is basically a 3rd type of vcpu, including all the
subtlety that comes with user processes.


Performance is strictly a secondary consideration; make something which
works first, then make it fast.  Never the opposite way around.

Another exercise which might be useful is to look at the recent XSAs and
identify which of them could have been mitigated by one of the
suggestions.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
