Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
>>> On 07.12.15 at 15:56, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> On Mon, 7 Dec 2015, Jan Beulich wrote:
>> >>> On 07.12.15 at 13:45, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
>> > On Tue, 24 Nov 2015, Jan Beulich wrote:
>> >> Now that the hypervisor intercepts all config space writes and monitors
>> >> changes to the masking flags, this undoes the main effect of the
>> >> XSA-129 fix, exposing the masking capability again to guests.
>
> Could you please mention the relevant commit ids in Xen?

It's just one (which I've now added a reference to), unless you want
all the prereqs listed.

> What happens if QEMU, with this change, is running on top of an older
> Xen that doesn't intercept all config space writes?

The security issue would resurface.

>> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> >> ---
>> >> TBD: We probably need to deal with running on an older hypervisor. I
>> >> can't, however, immediately see a way for qemu to find out.
>> >
>> > Actually QEMU has already an infrastructure to detect the hypervisor
>> > version at compile time, see include/hw/xen/xen_common.h. You could
>> > #define the right emu_mask depending on the hypervisor.
>>
>> We don't want compile time detection here, but runtime one.
>
> I guess the issue is that a fix was backported to Xen that changed its
> behaviour in past releases, right?

No, we shouldn't try to guess whether this is present in any pre-4.6
hypervisors; we should simply accept that maskable MSI is not
available for guests there, because ...

> Is there a way to detect the presence of this fix in Xen, by invoking a
> hypercall and checking the returned values and error numbers?

... there's nothing to (reliably) probe here. This really is just an
implementation detail of the hypervisor, and hence a version check
is all we have available.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel