On 15/10/2020 16:14, Jan Beulich wrote: > On 15.10.2020 16:50, Jason Andryuk wrote: >> On Thu, Oct 15, 2020 at 3:00 AM Jan Beulich <jbeul...@suse.com> wrote: >>> And why is there no bounds check of ->phys_entry paralleling the >>> ->virt_entry one? >> What is the purpose of this checking? It's sanity checking which is >> generally good, but what is the harm from failing the checks? A >> corrupt kernel can crash itself? Maybe you could start executing >> something (the initramfs?) instead of the actual kernel? > This is at least getting close to a possible security issue. > Booting a hacked up binary can be a problem afaik.
It's only a security issue if the absence of the check is going to cause a malfunction outside of guest the guest context. (e.g. in the toolstack's elf parser) There are a functionally infinite ways for a guest kernel to crash itself early on boot - malforming the ELF header such that the state of the guest once executing doesn't boot isn't interesting from this point of view. ~Andrew
