On Mon, Nov 18, 2013 at 11:27:34AM +0000, Jan Beulich wrote:
> >>> On 18.11.13 at 12:08, Daniel Kiper <daniel.kiper at oracle.com> wrote:
> > On Mon, Nov 18, 2013 at 09:29:41AM +0000, Jan Beulich wrote:
> >> >>> On 15.11.13 at 21:07, David Vrabel <david.vrabel at citrix.com> wrote:
> >> > On 15/11/13 15:56, Daniel Kiper wrote:
> >> >> Clear unused registers before jumping into an image. This way
> >> >> loaded image could not assume that any register has any specific
> >> >> info about earlier running Xen hypervisor. However, it also
> >> >> does not mean that the image may expect that a given register
> >> >> is zeroed. The image MUST assume that every register has a random
> >> >> value or in other words it is uninitialized or has undefined state.
> >> >
> >> > I think this, where the specification (registers undefined) differs from
> >> > the implementation (registers zeroed), is the worst option.
> >> >
> >> > I also think it is more likely for an image to inadvertently rely on a
> >> > zero value than whatever junk Xen has left behind.
> >>
> >> Preventing users from relying on anything would likely make it
> >> desirable to put some random value into all unused registers.
> >
> > Right, but on the other hand this way we completely lose the chance
> > to differentiate between old and new implementation of kexec
> > if we would like to do that in the future (yes, this is a small
> > chance but it still exists). Additionally, I think it could be
> > quite difficult because at this stage there are no simple reliable
> > RNGs. Although there are some CPUs with RNGs, they are not
> > very common right now. However, I will not object if we find
> > another simple RNG.
>
> We surely wouldn't need a good quality random number here -
> the TSC would very likely already be more random than anything
> we need.

I forgot about TSC. This is OK in that case. Thanks.
Personally I prefer zeroing (I explained above and in other
emails why) but if David does not like it we could use TSC.
David?

Daniel