WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthr

from [Ian Campbell] [Permanent Link][Original]
To: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Subject: RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Wed, 18 May 2011 09:54:08 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 18 May 2011 01:56:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4F65016F6CB04E49BFFA15D4F7B798D901B773E6D1@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <4DD235010200007800070074@xxxxxxxxxxxxxxxxxx> <4F65016F6CB04E49BFFA15D4F7B798D901B773E6D1@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Tue, 2011-05-17 at 23:52 +0100, Cihula, Joseph wrote:
> I still fail to see an argument that justifies panic’ing Xen when
> IOMMU is enabled on non-IR systems.  And I don’t think the way to
> manage customer expectations is through SW freezing.

Leaving the iommu=on behaviour the same as today but making iommu=force
require IR (with an explicit opt-out a la iommu=force,no-intremap) is
possibly sufficient (and considerably less harsh than the previous
proposal).

Perhaps something like the following? 

# HG changeset patch
# Parent 3db330334e3512a5326bbed4881718a63eec171a
diff -r 3db330334e35 -r 975cd3817d7a xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c       Fri May 13 14:41:18 2011 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c       Mon May 16 11:37:41 2011 +0100
@@ -1987,7 +1987,7 @@ static int init_vtd_hw(void)
                 dprintk(XENLOG_WARNING VTDPREFIX,
                         "Interrupt Remapping not enabled\n");
 
-                if ( force_iommu && platform_supports_intremap() )
+                if ( force_iommu )
                     panic("intremap remapping failed to enable with 
iommu=required/force in grub\n");
                 break;
             }

I also considered 
+               if ( force_iommy && ( !tboot_in_measured_env() || 
platform_supports_intremap() )

but I trusting the result of tboot_in_measured_env() in the non-TXT case
seems a bit silly.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Ian Campbell
Next by Date:  [Xen-devel] [PATCH] retry instruction on svm emulation failure, Paolo Bonzini
Previous by Thread:  RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Cihula, Joseph
Next by Thread:  RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Cihula, Joseph
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy