From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH v3 10/10] x86/MSI-X: provide hypercall
 interface for mask-all control
Date: Fri, 12 Jun 2015 10:17:33 -0400
Message-ID: <20150612141733.GK15651@l.oracle.com>
References: <55719F9D0200007800081425@mail.emea.novell.com>
	<5571A3F202000078000814CA@mail.emea.novell.com>
	<557964870200007800083706@mail.emea.novell.com>
	<20150612132140.GA15651@l.oracle.com>
	<557AFFE60200007800084433@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <konrad.wilk@oracle.com>) id 1Z3PmD-0002ug-KO
	for xen-devel@lists.xenproject.org; Fri, 12 Jun 2015 14:17:45 +0000
Content-Disposition: inline
In-Reply-To: <557AFFE60200007800084433@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Wei Liu <wei.liu2@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>, Ian Campbell <Ian.Campbell@eu.citrix.com>, xen-devel <xen-devel@lists.xenproject.org>, dgdegra@tycho.nsa.gov, Keir Fraser <keir@xen.org>, Roger Pau Monne <roger.pau@citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Fri, Jun 12, 2015 at 02:51:02PM +0100, Jan Beulich wrote:
> >>> On 12.06.15 at 15:21, <konrad.wilk@oracle.com> wrote:
> > On Thu, Jun 11, 2015 at 09:35:51AM +0100, Jan Beulich wrote:
> >> >>> On 05.06.15 at 13:28, <JBeulich@suse.com> wrote:
> >> > Qemu shouldn't be fiddling with this bit directly, as the hypervisor
> >> > may (and now does) use it for its own purposes. Provide it with a
> >> > replacement interface, allowing the hypervisor to track host and guest
> >> > masking intentions independently (clearing the bit only when both want
> >> > it clear).
> >> 
> >> Originally I merely meant to ping the tools side changes here
> >> (considering that the original issue has been pending for months,
> >> delayed by various security issues as well as slow turnaround on
> >> understanding the nature and validity of that original issue, I'd
> >> _really_ like to see this go in now), but thinking about it once
> >> again over night I realized that what we do here to allow qemu
> >> to be fixed would then also be made use of by the kernels
> >> running pciback: While Dom0 fiddling with the MSI-X mask-all bit
> >> for its own purposes is at least not a security problem, it doing
> >> so on behalf of (and directed by) a guest would be as soon as
> >> the hypervisor side patches making use of that bit went in.
> > 
> > It is hard to comment on this since I don't know exactly what
> > those patches would do.
> 
> Did you take a look?

No. Oddly enough they didn't show up in my thread and I didn't
even look at the title to Google for it. Doing it now.
> 
> >  But the 'pci_msi_ignore_mask'
> > from 38737d82f9f0168955f9944c3f8bd3bb262c7e88, "PCI/MSI: Add
> > pci_msi_ignore_mask to prevent writes to MSI/MSI-X Mask Bits""
> > should have prevented that. That said said patches could change
> > the pci_msi_ignore_mask of course.
> 
> For one, this doesn't deal with the MSI-X mask-all bit. And then it
> only suppresses functionality that the guest really ought to be
> allowed to use, just not by directly manipulating hardware. Plus
> of course any older Linux as well as other OSes would still be a
> problem.

True.
> 
> Jan
>