
Re: [Xen-devel] [PATCH 0/2] AMD IOMMU: XSA-36 follow ups

>>> On 01.03.13 at 19:45, Malcolm Crossley <malcolm.crossley@xxxxxxxxxx> wrote:
> On 08/02/13 09:58, Jan Beulich wrote:
>>>>> On 06.02.13 at 14:04, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:
>>> A regression was reported on a class of broken firmware that c/s
>>> 26517:601139e2b0db didn't consider, leading to a boot time crash.
>> After some more thought on this and the comments we got
>> regarding disabling the IOMMU in this situation altogether making
>> things worse instead of better, I came to the conclusion that we
>> can actually restrict the action in affected cases to just disabling
>> interrupt remapping. That doesn't make the situation worse than
>> prior to the XSA-36 fixes (where interrupt remapping didn't really
>> protect domains from one another), but allows at least DMA
>> isolation to still be utilized. Patch 3/2 below/attached.
> What is the status of this patch? It has not been included into 
> xen-unstable as yet.

No real consensus was reached on the better of two less than
optimal alternatives.

> I am of the opinion that it is better to have DMA isolation than to 
> remove the feature altogether.
> Particularly because there are other ways a guest with a PCI passthrough 
> device can attack the host
> than via reprogramming the interrupt vector in the PCI device.

Yes, that's one of the two perspectives one can take. The other
is that by doing what the patch does, it re-opens the security
hole that XSA-36 describes, i.e. without other measures users'
systems become vulnerable again.

Are you sure you consider either of the two alternatives
significantly better than the other?

