[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 28 Apr 2014 10:55:22 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, xiantao.zhang@xxxxxxxxx, Donald D Dugger <donald.d.dugger@xxxxxxxxx>
Delivery-date: Mon, 28 Apr 2014 09:55:34 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 28.04.14 at 11:30, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 28/04/14 09:01, Jan Beulich wrote:
>> Accessing extended config space may not be possible at boot time, e.g.
>> when the memory space used by MMCFG is reserved only via ACPI tables,
>> but not in the E820/UEFI memory maps (which we need Dom0 to tell us
>> about). Consequently the change here still leaves the issue unaddressed
>> for systems where the extended config space remains inaccessible (due
>> to firmware bugs, i.e. not properly reserving the address space of
>> those regions).
>>
>> With the respective messages now potentially getting logged more than
>> once, we ought to consider whether we should issue them only if we in
>> fact were required to do any masking (i.e. if the relevant mask bits
>> weren't already set).
>>
>> This is CVE-2013-3495 / XSA-59.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> I would agree that log messages should only be presented if Xen had to
> change system state.

I'll wait for eventual other opinions, but might create a 3rd patch on
top of these then. Just for the record, the downside I see to this is
that then there's no trace left that a system is secure. An intermediate
option might be to downgrade the messages to XENLOG_DEBUG when
we didn't really need to do anything.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH 0/2] VT-d: further XSA-59 workaround adjustments
  - From: Jan Beulich
- [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] Spurious "NUMA placement failed, performance might be affected" message on ARM
Next by Date: Re: [Xen-devel] [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
Previous by thread: Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
Next by thread: Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.