[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Mon, 28 Apr 2014 11:01:13 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, xiantao.zhang@xxxxxxxxx, Donald D Dugger <donald.d.dugger@xxxxxxxxx>
Delivery-date: Mon, 28 Apr 2014 10:01:31 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 28/04/14 10:55, Jan Beulich wrote:
>>>> On 28.04.14 at 11:30, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 28/04/14 09:01, Jan Beulich wrote:
>>> Accessing extended config space may not be possible at boot time, e.g.
>>> when the memory space used by MMCFG is reserved only via ACPI tables,
>>> but not in the E820/UEFI memory maps (which we need Dom0 to tell us
>>> about). Consequently the change here still leaves the issue unaddressed
>>> for systems where the extended config space remains inaccessible (due
>>> to firmware bugs, i.e. not properly reserving the address space of
>>> those regions).
>>>
>>> With the respective messages now potentially getting logged more than
>>> once, we ought to consider whether we should issue them only if we in
>>> fact were required to do any masking (i.e. if the relevant mask bits
>>> weren't already set).
>>>
>>> This is CVE-2013-3495 / XSA-59.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> I would agree that log messages should only be presented if Xen had to
>> change system state.
> I'll wait for eventual other opinions, but might create a 3rd patch on
> top of these then. Just for the record, the downside I see to this is
> that then there's no trace left that a system is secure. An intermediate
> option might be to downgrade the messages to XENLOG_DEBUG when
> we didn't really need to do anything.
>
> Jan
>

Hmm yes - that is a point.  It probably is best to leave some hint for
people really trying to find it.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0/2] VT-d: further XSA-59 workaround adjustments
  - From: Jan Beulich
- [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v3 4/9] Clear AC bit in RFLAGS to protect Xen itself by SMAP
Next by Date: Re: [Xen-devel] Spurious "NUMA placement failed, performance might be affected" message on ARM
Previous by thread: Re: [Xen-devel] [PATCH 1/2] VT-d: apply quirks at device setup time rather than only at boot
Next by thread: [Xen-devel] [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.