
RE: [PATCH v4 2/5] x86/iommu: make code addressing CVE-2011-1898 no VT-d specific


  • To: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
  • Date: Wed, 1 Feb 2023 05:07:34 +0000
  • Cc: "Beulich, Jan" <JBeulich@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Pau Monné, Roger <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 01 Feb 2023 05:08:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v4 2/5] x86/iommu: make code addressing CVE-2011-1898 no VT-d specific

> From: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
> Sent: Tuesday, January 24, 2023 8:42 PM
> 
> The variable untrusted_msi indicates whether the system is vulnerable to
> CVE-2011-1898 due to the absence of interrupt remapping support.
> Although AMD iommus with interrupt remapping disabled are also affected,
> this case is not handled yet. Given that the issue is not VT-d specific,
> and to accommodate future use of the flag for covering also the AMD iommu
> case, move the definition of the flag out of the VT-d specific code to the
> common x86 iommu code.
> 
> Also, since the current implementation assumes that only PV guests are prone
> to this attack, take the opportunity to define untrusted_msi only when PV is
> enabled.
> 

I'm fine with this change given no functional change.

But I'm curious about the statement here that the current code only
applies to PV guest. I didn't see such statement in original mail [1]
and in concept a HVM guest with passthrough device can also do such
attack w/o interrupt remapping.

Any more context?

[1] http://old-list-archives.xenproject.org/archives/html/xen-devel/2011-05/msg00687.html



 

