
Re: [Xen-devel] Requesting for freeze exception for VT-d posted-interrupts



>>> On 14.07.15 at 17:02, <wei.liu2@xxxxxxxxxx> wrote:
> On Tue, Jul 14, 2015 at 03:46:46PM +0100, Jan Beulich wrote:
>> >>> On 14.07.15 at 16:17, <wei.liu2@xxxxxxxxxx> wrote:
>> > On Tue, Jul 14, 2015 at 11:09:15AM +0100, Jan Beulich wrote:
>> >> >>> On 14.07.15 at 11:21, <wei.liu2@xxxxxxxxxx> wrote:
>> >> > On Tue, Jul 14, 2015 at 05:51:02AM +0000, Wu, Feng wrote:
>> >> >> Is it possible to get to 4.6 if making this feature default off?
>> >> > 
>> >> > Note that I'm not the only one who makes the decision and I can't speak
>> >> > for maintainers. The first thing you ought to do is to convince
>> >> > maintainers, not me.
>> >> > 
>> >> > If you ask for my opinion -- I don't see a point in releasing a feature
>> >> > with a security flaw in its design, even if it is off by default.
>> >> 
>> >> It was actually me who suggested that by flagging this experimental
>> >> and defaulting it to off, chances would increase for this to be allowed
>> >> in without said issue fixed.
>> > 
>> > Are you satisfied with that?  Currently I only know from this email
>> > there is concern with regard to security but I don't know what it is and
>> > how big an impact it can possibly have.
>> > 
>> > I could maybe go dig up that series and try to understand what is the
>> > security implication, but it would take a long time and I'm not sure I
>> > have the right technical background to make the call.
>> 
>> The thing is that the way vCPU-s are being put on lists attached to
>> pCPU-s, in a pathological case (which can be "helped" by a malicious
>> tool stack) all vCPU-s could pile up on one such list. List traversal (in
>> an interrupt handler) could then take (almost) arbitrarily long.
> 
> You mentioned "malicious toolstack", does that mean this feature, if on,
> doesn't expose a new attack vector to a malicious guest?

I think getting a guest to affect this would be more involved, but
I can't entirely exclude it.

> And what do you mean by "malicious toolstack"? I don't see patches
> related to the toolstack.

This is because the tool stack can control placement of vCPU-s on
pCPU-s, not because new tool stack code is being added.

Jan
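
The list behaviour described in the message above, as a small C model added here (not Xen code and not part of the original message). The names `blocked`, `wakeup_walk` and `worst_walk` and the sizes (4 pCPUs, 64 vCPUs) are assumptions for illustration; the model compares the longest interrupt-handler walk when blocked vCPUs are spread over pCPUs with the case where placement puts them all on one list.

```c
#include <stddef.h>
#include <stdio.h>

#define NR_PCPUS 4    /* constructed sizes, not taken from the thread */
#define NR_VCPUS 64

/* Hypothetical model: a blocked vCPU is linked on one pCPU's list. */
struct vcpu {
    int pending;          /* stands in for "an interrupt was posted" */
    struct vcpu *next;
};

static struct vcpu vcpus[NR_VCPUS];
static struct vcpu *blocked[NR_PCPUS];

/* Model of the handler: it must look at every entry on the list of the
 * pCPU it runs on. Returns the number of entries visited. */
static size_t wakeup_walk(int pcpu)
{
    size_t visited = 0;
    for (struct vcpu *v = blocked[pcpu]; v != NULL; v = v->next) {
        visited++;
        if (v->pending)
            v->pending = 0;   /* a real handler would wake the vCPU here */
    }
    return visited;
}

/* spread != 0: vCPUs queued round-robin; spread == 0: all on pCPU 0.
 * Returns the longest walk any pCPU's handler has to do. */
size_t worst_walk(int spread)
{
    size_t worst = 0;
    for (int p = 0; p < NR_PCPUS; p++)
        blocked[p] = NULL;
    for (int i = 0; i < NR_VCPUS; i++) {
        int p = spread ? i % NR_PCPUS : 0;
        vcpus[i].pending = (i % 8 == 0);
        vcpus[i].next = blocked[p];
        blocked[p] = &vcpus[i];
    }
    for (int p = 0; p < NR_PCPUS; p++) {
        size_t n = wakeup_walk(p);
        if (n > worst) worst = n;
    }
    return worst;
}

int main(void)
{
    printf("spread: %zu, piled up: %zu\n", worst_walk(1), worst_walk(0));
    return 0;
}
```

The walk length on the loaded pCPU grows with the total number of vCPUs rather than with the per-pCPU share, which is why the time spent in the handler is not bounded by anything the hypervisor controls.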

