
Re: [PATCH v4 2/5] x86/iommu: make code addressing CVE-2011-1898 no VT-d specific




On 2/1/23 07:07, Tian, Kevin wrote:
From: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
Sent: Tuesday, January 24, 2023 8:42 PM

The variable untrusted_msi indicates whether the system is vulnerable to
CVE-2011-1898 due to the absence of interrupt remapping support.
Although AMD iommus with interrupt remapping disabled are also affected,
this case is not handled yet. Given that the issue is not VT-d specific,
and to accommodate future use of the flag for covering also the AMD iommu
case, move the definition of the flag out of the VT-d specific code to the
common x86 iommu code.

Also, since the current implementation assumes that only PV guests are prone
to this attack, take the opportunity to define untrusted_msi only when PV is
enabled.


I'm fine with this change given no functional change.

But I'm curious about the statement here that the current code only
applies to PV guest. I didn't see such statement in original mail [1]
and in concept a HVM guest with passthrough device can also do such
attack w/o interrupt remapping.

Any more context?

I agree. I phrased it that way because currently the mitigation addresses only maliciously injected PV traps.


[1] 
http://old-list-archives.xenproject.org/archives/html/xen-devel/2011-05/msg00687.html

--
Xenia



 

