[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control

To: "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 12 Jun 2015 14:51:02 +0100
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, dgdegra@xxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 12 Jun 2015 13:51:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 12.06.15 at 15:21, <konrad.wilk@xxxxxxxxxx> wrote:
> On Thu, Jun 11, 2015 at 09:35:51AM +0100, Jan Beulich wrote:
>> >>> On 05.06.15 at 13:28, <JBeulich@xxxxxxxx> wrote:
>> > Qemu shouldn't be fiddling with this bit directly, as the hypervisor
>> > may (and now does) use it for its own purposes. Provide it with a
>> > replacement interface, allowing the hypervisor to track host and guest
>> > masking intentions independently (clearing the bit only when both want
>> > it clear).
>> 
>> Originally I merely meant to ping the tools side changes here
>> (considering that the original issue has been pending for months,
>> delayed by various security issues as well as slow turnaround on
>> understanding the nature and validity of that original issue, I'd
>> _really_ like to see this go in now), but thinking about it once
>> again over night I realized that what we do here to allow qemu
>> to be fixed would then also be made use of by the kernels
>> running pciback: While Dom0 fiddling with the MSI-X mask-all bit
>> for its own purposes is at least not a security problem, it doing
>> so on behalf of (and directed by) a guest would be as soon as
>> the hypervisor side patches making use of that bit went in.
> 
> It is hard to comment on this since I don't know exactly what
> those patches would do.

Did you take a look?

>  But the 'pci_msi_ignore_mask'
> from 38737d82f9f0168955f9944c3f8bd3bb262c7e88, "PCI/MSI: Add
> pci_msi_ignore_mask to prevent writes to MSI/MSI-X Mask Bits""
> should have prevented that. That said said patches could change
> the pci_msi_ignore_mask of course.

For one, this doesn't deal with the MSI-X mask-all bit. And then it
only suppresses functionality that the guest really ought to be
allowed to use, just not by directly manipulating hardware. Plus
of course any older Linux as well as other OSes would still be a
problem.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] [PATCH v3 00/10] x86/MSI-X: XSA-120, 128..131 follow-up
  - From: Jan Beulich
- [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
  - From: Konrad Rzeszutek Wilk

Prev by Date: [Xen-devel] [ovmf test] 58425: regressions - FAIL
Next by Date: Re: [Xen-devel] Relocatable Xen early boot code
Previous by thread: Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
Next by thread: Re: [Xen-devel] [PATCH v3 10/10] x86/MSI-X: provide hypercall interface for mask-all control
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.