Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices

>>> On 07.07.17 at 20:11, <venu.busireddy@xxxxxxxxxx> wrote:
> On 2017-07-06 02:45:18 -0600, Jan Beulich wrote:
>> I think so, but I may be missing parts of your reasoning as to why
>> hiding the device may be a good thing.
> Here is the rationale behind hiding the erring device.
> If a device is misbehaving, one of the following two things could be
> happening:
> a) The error is caused by the misconfiguration of the guest driver or
>    the firmware. This may not be a big problem.
> b) The error is caused by the owner of the domain re-flashing the firmware
>    of the device and inserting a rogue firmware. This is a big problem.
> And the problem is that we can't differentiate between a) and b).
> If it is case b), then we certainly need to investigate and make sure
> that the firmware is the correct version and/or reload a new firmware to
> overwrite the old one (just to be safe). Either way, the device needs to
> be unassignable until the root cause is investigated. Hiding the device
> is the safest way to ensure that the device is unassignable. Otherwise,
> the administrator may inadvertently reboot the domain to which the
> device was assigned, or, the domain itself may reboot upon errors, and in
> either case, the device gets reassigned to the domain upon reboot! Hiding
> the device prevents this.
> However, if you think that all of this is too much paranoia, I am fine
> with not hiding the device, and we simply de-assign the device from the
> domain. I leave the decision to you.

Well, what if the firmware being installed is rogue, but doesn't cause
behavior that would result in us noticing right away? Passing through
non-SR-IOV devices isn't entirely secure anyway, and I don't think
SR-IOV VFs would permit firmware updates (I'd expect that to be
possible via the PF only). So I'm afraid hiding the devices won't buy
us much.
