From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: Ping: [PATCH 0/2] VT-d: further XSA-59 workaround adjustments Date: Thu, 08 May 2014 09:07:46 +0100 Message-ID: <536B57720200007800010523@mail.emea.novell.com> References: <535E254A020000780000CA9A@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1WiJMr-0005LJ-JE for xen-devel@lists.xenproject.org; Thu, 08 May 2014 08:07:49 +0000 In-Reply-To: <535E254A020000780000CA9A@nat28.tlf.novell.com> Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Donald D Dugger , xiantao.zhang@intel.com Cc: xen-devel List-Id: xen-devel@lists.xenproject.org >>> On 28.04.14 at 09:54, wrote: > While doing the backports of the recently committed XSA-59 workaround > patches, when reaching 4.2 I had to inspect the fuzzy applies resulting > from the x86-64 conditionals in that code, making me realize that what > we're doing is still insufficient: We wrongly assume to be able to access > extended config registers (i.e. MMCFG space) at boot time. > > Fixing that, in turn made me again look at the one workaround that was > in place in the same function before that recent series, just to find that > the list very likely should have been extended quite a while back. > > 1: apply quirks at device setup time rather than only at boot > 2: extend error report masking workaround to newer chipsets > > This (still) is CVE-2013-3495 / XSA-59. > > Signed-off-by: Jan Beulich Even if patch 2 may require additional time to be validated (and ideally may turn out not to be required at all), I would still appreciate some feedback on patch 1 rather sooner than later. Jan