Re: X server in dom0: Bad VBT signature

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Mon, Sep 03, 2012 at 12:47:04PM +0200, Manuel Bouyer wrote:
> On Sun, Sep 02, 2012 at 04:42:17PM -0400, Mouse wrote:
> > > it's the memory-mapped address space which is causing problem for
> > > Xen, because the physical addresses are not real machine addresses,
> > > they are translated by the hypervisor, and may have the same address
> > > as real machine address but point to something different.
> > 
> > Sounds as though Xen is the problem, in that it is putting two
> > different things (RAM and memory-mapped hardware) at the same
> > (emulated-)physical address.  Or am I still misunderstanding?
> 
> No, Xen does in fact add an address space: emulated-physical address,
> which is for RAM. memory-mapped hardware remains in the machine address
> space. These are 2 distinct addresses spaces, while on plain x86 it's
> the same space. In kernel, we properly make the disctinction.
> The problem is /dev/mem, or it's usage by X which assumes it can access
> memory-mapped hardware from here.

And, actually, this points out that Xen has a much better chance at
not wrecking the security of the system while allowing X to run -- device
registers are still very dangerous, of course, but at least since we have
to track it anyway, we can refrain from allowing /dev/mem access to
physical memory when securelevel > 0.

-- 
 Thor Lancelot Simon                                          
tls%panix.com@localhost
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud