Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
>>> On 28.04.14 at 11:30, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 28/04/14 09:01, Jan Beulich wrote:
>> Accessing extended config space may not be possible at boot time, e.g.
>> when the memory space used by MMCFG is reserved only via ACPI tables,
>> but not in the E820/UEFI memory maps (which we need Dom0 to tell us
>> about). Consequently the change here still leaves the issue unaddressed
>> for systems where the extended config space remains inaccessible (due
>> to firmware bugs, i.e. not properly reserving the address space of
>> those regions).
>>
>> With the respective messages now potentially getting logged more than
>> once, we ought to consider whether we should issue them only if we in
>> fact were required to do any masking (i.e. if the relevant mask bits
>> weren't already set).
>>
>> This is CVE-2013-3495 / XSA-59.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> I would agree that log messages should only be presented if Xen had to
> change system state.

I'll wait for eventual other opinions, but might create a 3rd patch on
top of these then. Just for the record, the downside I see to this is
that then there's no trace left that a system is secure. An intermediate
option might be to downgrade the messages to XENLOG_DEBUG when we didn't
really need to do anything.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel