Re: [SeaBIOS] KVM call agenda for 2013-05-28

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Anthony Liguori <anthony@xxxxxxxxxxxxx> writes:

> Gerd Hoffmann <kraxel@xxxxxxxxxx> writes:
>
>> On 05/29/13 01:53, Kevin O'Connor wrote:
>>> On Thu, May 23, 2013 at 03:41:32PM +0300, Michael S. Tsirkin wrote:
>>>> Juan is not available now, and Anthony asked for
>>>> agenda to be sent early.
>>>> So here comes:
>>>>
>>>> Agenda for the meeting Tue, May 28:
>>>>
>>>> - Generating acpi tables
>>> 
>>> I didn't see any meeting notes, but I thought it would be worthwhile
>>> to summarize the call.  This is from memory so correct me if I got
>>> anything wrong.
>>> 
>>> Anthony believes that the generation of ACPI tables is the task of the
>>> firmware.  Reasons cited include security implications of running more
>>> code in qemu vs the guest context,
>>
>> I fail to see the security issues here.  It's not like the apci table
>> generation code operates on untrusted input from the guest ...
>
> But possibly untrusted input from a malicious user.  You can imagine
> something like a IaaS provider that let's a user input arbitrary values
> for memory, number of nics, etc.
>
> It's a stretch of an example, I agree, but the general principle I think
> is sound:  we should push as much work as possible to the least
> privileged part of the stack.  In this case, firmware has much less
> privileges than QEMU.

Firmware runs in a primitive, unforgiving environment, and should do as
little as humanly possible.  For an instructive example of deviating
from that rule, check out UEFI.

[...]
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux