[PATCH] xen/kexec: Clear unused registers before jumping into an image
daniel.kiper at oracle.com
Mon Nov 18 06:08:45 EST 2013
On Mon, Nov 18, 2013 at 09:29:41AM +0000, Jan Beulich wrote:
> >>> On 15.11.13 at 21:07, David Vrabel <david.vrabel at citrix.com> wrote:
> > On 15/11/13 15:56, Daniel Kiper wrote:
> >> Clear unused registers before jumping into an image. This way
> >> loaded image could not assume that any register has an specific
> >> info about earlier running Xen hypervisor. However, it also
> >> does not mean that the image may expect that a given register
> >> is zeroed. The image MUST assume that every register has a random
> >> value or in other words it is uninitialized or has undefined state.
> > I think this, where the specification (registers undefined) differs from
> > the implementation (registers zeroed), is the worst option.
> > I also think it is more likely for an image to inadvertently rely on a
> > zero value that whatever junk Xen has left behind.
> Preventing users to rely on anything would likely make it
> desirable to put some random value into all unused registers.
Right, but on the other hand this way we lose completely chance
to differentiate between old and new implementation of kexec
if we would like to do that in the future (yes, this is small
chance but it still exists). Additionally, I think it could be
quite difficult because at this stage there is no simple reliable
RNGs. Although there are some CPUs with RNGs but they are not
very common right now. However, I will do not object if we find
another simple RNG.
More information about the kexec