All of lore.kernel.org
 help / color / mirror / Atom feed
From: Tim Deegan <Tim.Deegan@citrix.com>
To: "Cihula, Joseph" <joseph.cihula@intel.com>
Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>,
	"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Date: Sun, 22 May 2011 19:14:17 +0100	[thread overview]
Message-ID: <20110522181417.GA4990@whitby.uk.xensource.com> (raw)
In-Reply-To: <4F65016F6CB04E49BFFA15D4F7B798D901B77B5016@orsmsx506.amr.corp.intel.com>

At 17:02 +0100 on 20 May (1305910924), Cihula, Joseph wrote:
> > At 21:48 +0100 on 19 May (1305841716), Cihula, Joseph wrote:
> > > So how would the user (or installation SW) specify to use the best
> > > (IOMMU) security available on the platform?
> > 
> > iommu=on.  That pretty much lines up with the current meaining.
> 
> 'iommu=on' is really "*try* to use the best but it's OK if you can't",
> as it will allow execution to continue even if enabling the supported
> features fails.  'force' is really this with the caveat that execution
> won't continue if it fails to enable them.

Yes, exactly.  By extension, "on" turns on interrupt remapping if it's
there but "it's OK if you can't"; "force" requires it.  I don't
understand why you would want iommu=force to crash if the IOMMU is
missing but not if it's insecure.

> But as I said, if you're writing a Xen installer and you want to
> *ensure* that Xen uses the HW features of the system, are you going to
> make some table that tells whether any given system supports IR so
> that you know which ones to add ',nointremap' to? 

This is exactly the behaviour we already have if you don't have an iommu
at all.  The installer already needs to figure out whether there's an
IOMMU, or make it optional.

If you really want to rely on TXT and Xen to mutuallly secure each
other, then as far as I can see you _need_ an interrupt remapper in all
your supported hardware.  That being the case, iommu=force should
enforce that requirement.  If you're willing to settle for best-effort,
iommu=on already does that.

Tim.

-- 
Tim Deegan <Tim.Deegan@citrix.com>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

  reply	other threads:[~2011-05-22 18:14 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-17  7:42 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI Jan Beulich
2011-05-17 22:52 ` Cihula, Joseph
2011-05-18  8:54   ` Ian Campbell
2011-05-19 20:48     ` Cihula, Joseph
2011-05-20 10:17       ` Tim Deegan
2011-05-20 16:02         ` Cihula, Joseph
2011-05-22 18:14           ` Tim Deegan [this message]
2011-05-23 21:35             ` Cihula, Joseph
2011-05-24  9:03               ` Tim Deegan
2011-05-24 16:56               ` Ian Jackson
2011-05-24 19:23                 ` Cihula, Joseph
2011-05-25 10:13                   ` Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI [and 2 more messages] Ian Jackson
2011-06-01 18:06                     ` Cihula, Joseph
2011-05-25 10:46                   ` Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI Alan Cox
2011-05-20 17:19         ` Ian Jackson
2011-05-22 18:15           ` Tim Deegan
2011-05-23  9:02             ` Ian Campbell
2011-05-24 15:15               ` Ian Jackson
2011-05-24 15:57                 ` Keir Fraser
2011-05-24 16:16                   ` Ian Pratt
2011-05-24 17:14                     ` Ian Jackson
2011-05-24 19:35                       ` Cihula, Joseph
  -- strict thread matches above, loose matches on Subject: below --
2011-05-12 13:48 Ian Jackson
2011-05-12 13:49 ` Ian Jackson
2011-05-13  8:08 ` Jan Beulich
2011-05-13 11:08   ` Joanna Rutkowska
2011-05-13 11:11     ` Ian Campbell
2011-05-13 11:20       ` Joanna Rutkowska
2011-05-13 12:34         ` Jan Beulich
2011-05-13 12:29     ` Jan Beulich
2011-05-13 12:50       ` Tim Deegan
2011-05-13 10:25 ` Ian Campbell
2011-05-16 21:34   ` Cihula, Joseph
2011-05-18  8:53     ` Ian Campbell
2011-05-18 10:03       ` Keir Fraser
2011-05-18 10:06         ` Ian Campbell
2011-05-13 17:32 ` Joanna Rutkowska
2011-05-13 17:35   ` Joanna Rutkowska

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110522181417.GA4990@whitby.uk.xensource.com \
    --to=tim.deegan@citrix.com \
    --cc=Ian.Campbell@eu.citrix.com \
    --cc=joseph.cihula@intel.com \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.