[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
On 28/04/14 10:55, Jan Beulich wrote: >>>> On 28.04.14 at 11:30, <andrew.cooper3@xxxxxxxxxx> wrote: >> On 28/04/14 09:01, Jan Beulich wrote: >>> Accessing extended config space may not be possible at boot time, e.g. >>> when the memory space used by MMCFG is reserved only via ACPI tables, >>> but not in the E820/UEFI memory maps (which we need Dom0 to tell us >>> about). Consequently the change here still leaves the issue unaddressed >>> for systems where the extended config space remains inaccessible (due >>> to firmware bugs, i.e. not properly reserving the address space of >>> those regions). >>> >>> With the respective messages now potentially getting logged more than >>> once, we ought to consider whether we should issue them only if we in >>> fact were required to do any masking (i.e. if the relevant mask bits >>> weren't already set). >>> >>> This is CVE-2013-3495 / XSA-59. >>> >>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> >> I would agree that log messages should only be presented if Xen had to >> change system state. > I'll wait for eventual other opinions, but might create a 3rd patch on > top of these then. Just for the record, the downside I see to this is > that then there's no trace left that a system is secure. An intermediate > option might be to downgrade the messages to XENLOG_DEBUG when > we didn't really need to do anything. > > Jan > Hmm yes - that is a point. It probably is best to leave some hint for people really trying to find it. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |