
Re: [Xen-devel] [TESTDAY] PV / HVM pass-through works when IOMMU present; weird failures when not



>>> On 01.07.13 at 12:53, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote:
> On 28/06/13 17:00, Jan Beulich wrote:
>>>>> On 28.06.13 at 17:37, George Dunlap <George.Dunlap@xxxxxxxxxxxxx> wrote:
>>> - For HVM guests, the only user-visible indication that the IOMMU has
>>> been disabled is the following error message on the command-line:
>>>
>>> # xl pci-attach h0 07:00.0
>>> libxl: error: libxl_pci.c:949:do_pci_add: xc_assign_device failed
>>>
>>> However, the device itself ends up passed-through to the guest anyway;
>>> the guest seems to be able to see it and interact with it normally.
>>> This is particularly scary, as in theory this should not be possible
>>> without a working IOMMU.
>>>
>>> I don't think this is a blocker for 4.3, but we should definitely
>>> release note it, and for 4.4 add a check to see if there is a
>>> functioning IOMMU and only add a device if there's an override set.
>> To me this very much looks like a security problem (which I
>> think we should fix asap).
> 
> Is it worth delaying the release (yet) another week for?

I would say so, but I'm open to being convinced otherwise.

> Probably the simplest solution at the moment, if there's an easy way for 
> the toolstack to figure out whether there is a working IOMMU or not, is 
> to simply not allow pass-through without an IOMMU unless there is an 
> override option.

xend had no override option - pass-through to HVM without
IOMMU should never be allowed imo.

Adding proper error handling perhaps is indeed beyond what's
reasonable for 4.3, but making use of xc_test_assign_device()
should result in not too big a change.

Jan

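The toolstack-side check Jan and George are discussing, as an added example that is not part of this thread or of the Xen code base: a small POSIX sh wrapper that refuses "xl pci-attach" to an HVM guest unless the hypervisor reports a functioning IOMMU. It relies on the fact that "xl info" prints a "virt_caps" line containing "hvm_directio" only when IOMMU-based device assignment is enabled; the function names (has_hvm_directio, guarded_pci_attach), the exit codes, and the two sample "xl info" outputs are assumptions constructed for illustration. Following Jan's position, there is deliberately no override option.

```shell
#!/bin/sh
# Added example, not Xen's own code. Refuse HVM PCI pass-through unless the
# hypervisor advertises a working IOMMU. "xl info" emits a line such as
#   virt_caps : hvm hvm_directio
# when the IOMMU is enabled; without an IOMMU the "hvm_directio" token is absent.
# The sample outputs below are constructed, not captured from a real host.

# has_hvm_directio XL_INFO_OUTPUT
#   Returns 0 when the "virt_caps" line of the given "xl info" output contains
#   the exact token "hvm_directio", 1 otherwise. Whole-token comparison avoids
#   matching a superstring by accident.
has_hvm_directio() {
    caps=$(printf '%s\n' "$1" | sed -n 's/^virt_caps[[:space:]]*:[[:space:]]*//p')
    for cap in $caps; do
        [ "$cap" = "hvm_directio" ] && return 0
    done
    return 1
}

# guarded_pci_attach DOMAIN BDF
#   Run "xl pci-attach DOMAIN BDF" only after the IOMMU check passes.
#   Exit codes (assumed): 0 attached, 1 refused (no IOMMU), 2 "xl info" failed.
guarded_pci_attach() {
    info=$(xl info 2>/dev/null) || { echo "xl info failed" >&2; return 2; }
    if ! has_hvm_directio "$info"; then
        echo "refusing pass-through of $2 to $1: hvm_directio not in virt_caps (no functioning IOMMU)" >&2
        return 1
    fi
    xl pci-attach "$1" "$2"
}

# Constructed sample "xl info" outputs used to exercise the parser offline.
SAMPLE_WITH_IOMMU='host                   : testbox
virt_caps              : hvm hvm_directio
total_memory           : 16384'
SAMPLE_NO_IOMMU='host                   : testbox
virt_caps              : hvm
total_memory           : 16384'

# Self-check of the parser against the constructed samples (no xl needed).
if [ "${1:-}" = "--selfcheck" ]; then
    has_hvm_directio "$SAMPLE_WITH_IOMMU" && echo "sample with IOMMU: pass-through allowed"
    has_hvm_directio "$SAMPLE_NO_IOMMU"   || echo "sample without IOMMU: pass-through refused"
fi
```

Usage on a real host would be "guarded_pci_attach h0 07:00.0" in place of the bare "xl pci-attach h0 07:00.0" shown in the report; "sh script.sh --selfcheck" exercises only the parser. Note that this mirrors the later libxl behaviour only in spirit: the authoritative check belongs in libxl via xc_test_assign_device(), as Jan suggests, not in a shell wrapper around xl.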

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel