[PATCH] xen/kexec: Clear unused registers before jumping into an image
JBeulich at suse.com
Mon Nov 18 06:27:34 EST 2013
>>> On 18.11.13 at 12:08, Daniel Kiper <daniel.kiper at oracle.com> wrote:
> On Mon, Nov 18, 2013 at 09:29:41AM +0000, Jan Beulich wrote:
>> >>> On 15.11.13 at 21:07, David Vrabel <david.vrabel at citrix.com> wrote:
>> > On 15/11/13 15:56, Daniel Kiper wrote:
>> >> Clear unused registers before jumping into an image. This way
>> >> loaded image could not assume that any register has a specific
>> >> info about earlier running Xen hypervisor. However, it also
>> >> does not mean that the image may expect that a given register
>> >> is zeroed. The image MUST assume that every register has a random
>> >> value or in other words it is uninitialized or has undefined state.
>> > I think this, where the specification (registers undefined) differs from
>> > the implementation (registers zeroed), is the worst option.
>> > I also think it is more likely for an image to inadvertently rely on a
>> > zero value than whatever junk Xen has left behind.
>> Preventing users from relying on anything would likely make it
>> desirable to put some random value into all unused registers.
> Right, but on the other hand this way we completely lose the chance
> to differentiate between old and new implementation of kexec
> if we would like to do that in the future (yes, this is small
> chance but it still exists). Additionally, I think it could be
> quite difficult because at this stage there are no simple reliable
> RNGs. Although there are some CPUs with RNGs but they are not
> very common right now. However, I will not object if we find
> another simple RNG.
We surely wouldn't need a good quality random number here -
the TSC would very likely already be more random than anything