From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>, Jason Andryuk <jandryuk@gmail.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
George Dunlap <george.dunlap@citrix.com>,
Ian Jackson <iwj@xenproject.org>, Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>
Subject: Re: [PATCH] libelf: Handle PVH kernels lacking ENTRY elfnote
Date: Thu, 15 Oct 2020 18:27:13 +0100 [thread overview]
Message-ID: <d1d45ef5-067d-1edb-fac9-514495277765@citrix.com> (raw)
In-Reply-To: <d8e93366-0f99-37c7-e5f4-8efaf804d2e2@suse.com>
On 15/10/2020 16:14, Jan Beulich wrote:
> On 15.10.2020 16:50, Jason Andryuk wrote:
>> On Thu, Oct 15, 2020 at 3:00 AM Jan Beulich <jbeulich@suse.com> wrote:
>>> And why is there no bounds check of ->phys_entry paralleling the
>>> ->virt_entry one?
>> What is the purpose of this checking? It's sanity checking which is
>> generally good, but what is the harm from failing the checks? A
>> corrupt kernel can crash itself? Maybe you could start executing
>> something (the initramfs?) instead of the actual kernel?
> This is at least getting close to a possible security issue.
> Booting a hacked up binary can be a problem afaik.
It's only a security issue if the absence of the check is going to cause
a malfunction outside of guest the guest context. (e.g. in the
toolstack's elf parser)
There are a functionally infinite ways for a guest kernel to crash
itself early on boot - malforming the ELF header such that the state of
the guest once executing doesn't boot isn't interesting from this point
of view.
~Andrew
next prev parent reply other threads:[~2020-10-15 17:27 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-14 15:31 [PATCH] libelf: Handle PVH kernels lacking ENTRY elfnote Jason Andryuk
2020-10-14 15:52 ` Wei Liu
2020-10-14 16:02 ` Jan Beulich
2020-10-14 16:27 ` Jason Andryuk
2020-10-15 7:00 ` Jan Beulich
2020-10-15 14:50 ` Jason Andryuk
2020-10-15 15:14 ` Jan Beulich
2020-10-15 17:27 ` Andrew Cooper [this message]
2020-10-16 16:28 ` Jason Andryuk
2020-10-19 7:38 ` Jan Beulich
2020-10-19 15:26 ` Jason Andryuk
2020-10-19 15:36 ` Jan Beulich
2020-10-15 15:03 ` Roger Pau Monné
2020-10-14 16:12 ` Jürgen Groß
2020-10-14 16:27 ` Jason Andryuk
2020-10-15 4:17 ` Jürgen Groß
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d1d45ef5-067d-1edb-fac9-514495277765@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=iwj@xenproject.org \
--cc=jandryuk@gmail.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).