>>> On 18.11.13 at 12:08, Daniel Kiper <daniel.kiper at oracle.com> wrote: > On Mon, Nov 18, 2013 at 09:29:41AM +0000, Jan Beulich wrote: >> >>> On 15.11.13 at 21:07, David Vrabel <david.vrabel at citrix.com> wrote: >> > On 15/11/13 15:56, Daniel Kiper wrote: >> >> Clear unused registers before jumping into an image. This way >> >> loaded image could not assume that any register has an specific >> >> info about earlier running Xen hypervisor. However, it also >> >> does not mean that the image may expect that a given register >> >> is zeroed. The image MUST assume that every register has a random >> >> value or in other words it is uninitialized or has undefined state. >> > >> > I think this, where the specification (registers undefined) differs from >> > the implementation (registers zeroed), is the worst option. >> > >> > I also think it is more likely for an image to inadvertently rely on a >> > zero value that whatever junk Xen has left behind. >> >> Preventing users to rely on anything would likely make it >> desirable to put some random value into all unused registers. > > Right, but on the other hand this way we lose completely chance > to differentiate between old and new implementation of kexec > if we would like to do that in the future (yes, this is small > chance but it still exists). Additionally, I think it could be > quite difficult because at this stage there is no simple reliable > RNGs. Although there are some CPUs with RNGs but they are not > very common right now. However, I will do not object if we find > another simple RNG. We surely wouldn't need a good quality random number here - the TSC would very likely already be more random than anything we need. Jan