One of the issues in any software project can be the disconnect between what users want or would find useful, and the developers’ idea of what users want or would…
Monday we closed the poll for the security discussion. Thank you everyone who participated! The process has not turned up a hidden option that everyone agreed on; however, it has…
As promised, here is the poll for the security discussion. As a reminder, the purpose of this poll is mainly to see where people’s attitudes are with respect to the…
The Xen Security team recently disclosed a vulnerability, Xen Security Advisory 7 (CVE-2012-0217), which would allow guest administrators to escalate to hypervisor-level privileges. The impact is much wider than Xen; many other operating systems seem to have the same vulnerability, including NetBSD, FreeBSD, some versions of Microsoft Windows (including Windows 7), and possibly Apple OSX.
So what was the vulnerability? It has to do with a subtle difference in the way in which Intel processors implement error handling in their version of AMD’s SYSRET instruction. The SYSRET instruction is part of the x86-64 standard defined by AMD. If an operating system is written according to AMD’s spec, but run on Intel hardware, the difference in implementation can be exploited by an attacker to write to arbitrary addresses in the operating system’s memory. This blog will explore the technical details of the vulnerability.
One of the goals for the 4.2 release is for xl to have feature parity with xm for the most important functions. But along the way, we’ve also been adding…
Among the more unique features of Xen 4.2 is a feature called cpupools, designed and implemented by Jürgen Groß at Fujitsu. At its core it’s a simple idea, but one…
Xen 4.2 will contain two new scheduling parameters for the credit1 scheduler which significantly increase its configurability and performance for cloud-based workloads: timeslice_ms and ratelimit_us. This blog post describes what they do, and how to configure them for best performance.
One of the fun things about a hackathon is the chance to get everyone together in a room and just talk about crazy ideas you might try at some point…
Linux 2.6.37, released just a few days ago, is the first upstream Linux kernel that can boot on Xen as Dom0… Just enabling CONFIG_XEN in the kernel config of a 2.6.37 Linux kernel allows the very same Linux kernel image to boot on native, on Xen as Dom0, on Xen as normal PV guest and on Xen as PV on HVM guest!
Quick update on the community manager search. We’ve interviewed a number of candidates, all of whom look very promising. We’re going to be discussing them soon, and hopefully sending out…
As many of you know, XenSummit Asia 2010, originally planned for Nov 3-4 in Seoul, Korea, is being postponed. The current plan is to push back the event by about…
I’m working on now is an automated test framework, which will measure the effectiveness of the scheduler. This is actually a bit trickier than one might expect. You can’t simply run a workload by itself and measure its performance; for that use case, you don’t actually need a scheduler. You need to run each workload in competition with an array of other workloads, and at various levels of CPU “pressure”.
Shadow 3 is the next step in the evolution of the shadow pagetable code. By making the shadow pagetables behave more like a TLB, we take advantage of guest operating…