WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Critical bug: VT-d fault causes disk corruption or Dom0

To: "Kay, Allen M" <allen.m.kay@xxxxxxxxx>, "Li, Xin" <xin.li@xxxxxxxxx>, "Li, Haicheng" <haicheng.li@xxxxxxxxx>, "'xen-devel@xxxxxxxxxxxxxxxxxxx'" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Critical bug: VT-d fault causes disk corruption or Dom0 kernel panic.
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Fri, 23 Jan 2009 18:44:05 +0000
Cc:
Delivery-date: Fri, 23 Jan 2009 10:43:55 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C59FBFF6.21CC8%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acl8Q3YVs3niaMuxT1CPWgfSc0ZGCwAITqg5AAKyJXAAAOMrHgAfiHegABEJqTgAEqyPIAACkS3lAAAS7KQ=
Thread-topic: [Xen-devel] Critical bug: VT-d fault causes disk corruption or Dom0 kernel panic.
User-agent: Microsoft-Entourage/12.15.0.081119
On 23/01/2009 18:41, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx> wrote:

> Also it's going to be hard to do better while keeping efficiency since if you
> only map dom0's pages in its vtd tables then PV backend drivers will not work
> (which rely on DMAing to/from other domain's pages via grant references).
> You'd have to dynamically map/unmap as grants get mapped/unmapped, and you may
> not want the performance hit of that.
> 
> I'd personally vote for getting rid of xen_in_range(). Alternatively we could
> have it merely check for is_kernel_text(), but really I think since it is not
> in any way full protection from dom0 I wonder if it is worth the bother at
> all.
> 
> What do you think?

I should add that you could still implement the more sophisticated and
slower full protection, where dom0 only has DMA access to pages it currently
has access to via the host CPUs, as a boot option. For those who really
don't want to trust dom0 as far as possible.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>