[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Fri, 11 Dec 2015 14:33:57 +0000
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, qemu-devel@xxxxxxxxxx, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Delivery-date: Fri, 11 Dec 2015 14:34:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 7 Dec 2015, Jan Beulich wrote:
> >>> On 07.12.15 at 15:56, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> > On Mon, 7 Dec 2015, Jan Beulich wrote:
> >> >>> On 07.12.15 at 13:45, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> >> > On Tue, 24 Nov 2015, Jan Beulich wrote:
> >> >> Now that the hypervisor intercepts all config space writes and monitors
> >> >> changes to the masking flags, this undoes the main effect of the
> >> >> XSA-129 fix, exposing the masking capability again to guests.
> > 
> > Could you please mention the relevant commit ids in Xen?
> 
> It's just one (which I've now  added a reference to), unless you want
> all the prereqs listed.

One is probably OK.


> > What happens if QEMU, with this change, is running on top of an older
> > Xen that doesn't intercepts all config space writes?
> 
> The security issue would resurface.
> 
> >> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >> >> ---
> >> >> TBD: We probably need to deal with running on an older hypervisor. I
> >> >>      can't, however, immediately see a way for qemu to find out.
> >> > 
> >> > Actually QEMU has already an infrastructure to detect the hypervisor
> >> > version at compile time, see include/hw/xen/xen_common.h. You could
> >> > #define the right emu_mask depending on the hypervisor.
> >> 
> >> We don't want compile time detection here, but runtime one.
> > 
> > I guess the issue is that a fix was backported to Xen that changed its
> > behaviour in past releases, right?
> 
> No, we shouldn't try to guess whether this is present in any pre-4.6
> hypervisors; we should simply accept that maskable MSI is not
> available for guests there, because ...
> 
> > Is there a way to detect the presence of this fix in Xen, by invoking an
> > hypercall and checking the returned values and error numbers?
> 
> ... there's nothing to (reliably) probe here. This really is just an
> implementation detail of the hypervisor, and hence a version check
> is all we have available.

In that case, I think we should stay on the safe side, and only expose
the masking capability (only take into effects the changes that this
patch makes) for Xen >= 4.7.

What do you think?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
  - From: Jan Beulich

References:
- Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH QEMU-XEN v6 4/8] xen: Switch uses of xc_map_foreign_range into xc_map_foreign_pages
Next by Date: Re: [Xen-devel] [PATCH v2] ignore writes to GICD_ICACTIVER ... GICD_ICACTIVERN
Previous by thread: Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
Next by thread: Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.