[PATCH] xen/kexec: Clear unused registers before jumping into an image
daniel.kiper at oracle.com
Mon Nov 18 06:53:08 EST 2013
On Mon, Nov 18, 2013 at 11:27:34AM +0000, Jan Beulich wrote:
> >>> On 18.11.13 at 12:08, Daniel Kiper <daniel.kiper at oracle.com> wrote:
> > On Mon, Nov 18, 2013 at 09:29:41AM +0000, Jan Beulich wrote:
> >> >>> On 15.11.13 at 21:07, David Vrabel <david.vrabel at citrix.com> wrote:
> >> > On 15/11/13 15:56, Daniel Kiper wrote:
> >> >> Clear unused registers before jumping into an image. This way
> >> >> the loaded image could not assume that any register has any specific
> >> >> info about earlier running Xen hypervisor. However, it also
> >> >> does not mean that the image may expect that a given register
> >> >> is zeroed. The image MUST assume that every register has a random
> >> >> value or in other words it is uninitialized or has undefined state.
> >> >
> >> > I think this, where the specification (registers undefined) differs from
> >> > the implementation (registers zeroed), is the worst option.
> >> >
> >> > I also think it is more likely for an image to inadvertently rely on a
> >> > zero value than whatever junk Xen has left behind.
> >> Preventing users from relying on anything would likely make it
> >> desirable to put some random value into all unused registers.
> > Right, but on the other hand this way we completely lose the chance
> > to differentiate between old and new implementation of kexec
> > if we would like to do that in the future (yes, this is small
> > chance but it still exists). Additionally, I think it could be
> > quite difficult because at this stage there are no simple reliable
> > RNGs. Although there are some CPUs with RNGs but they are not
> > very common right now. However, I will not object if we find
> > another simple RNG.
> We surely wouldn't need a good quality random number here -
> the TSC would very likely already be more random than anything
> we need.
I forgot about TSC. This is OK in that case. Thanks. Personally I prefer
zeroing (I explained above and in other emails why) but if David does not
like it we could use TSC. David?