
Re: [RFC 5/7] x86/iommu: the code addressing CVE-2011-1898 is VT-d specific




On 12/20/22 13:09, Andrew Cooper wrote:
> On 19/12/2022 6:34 am, Xenia Ragiadakou wrote:
>> The variable untrusted_msi indicates whether the system is vulnerable to
>> CVE-2011-1898. This vulnerability is VT-d specific.
>> Place the code that addresses the issue under CONFIG_INTEL_VTD.
>>
>> No functional change intended.
>>
>> Signed-off-by: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
>
> Actually, this variable is pretty bogus.  I think I'd like to delete it
> entirely.

Nevertheless, I don't think that it would be appropriate to be done as part of this series.

> There are systems with no IOMMU at all, and we certainly used to let PV
> Passthrough go ahead.  (Not sure we do any more.)
>
> There are systems with DMA remapping only, but no interrupt remapping.
> These are known insecure.  I'm honestly not convinced that an ISR read
> and crash is useful when the user has already constructed a
> known-unsafe configuration, because a malicious guest in that case can
> still fully mess with dom0 by sending vectors other than 0x80 and 0x82.
>
> In particular, this option does not get activated on AMD when the user
> elects to disable interrupt remapping, and I'm disinclined to wire it up
> in that case too.
>
> ~Andrew
>
> P.S. It occurs to me that FRED obsoletes the need for this anyway,
> seeing as it does properly distinguish the source of an event.

--
Xenia



 

