[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional

To: "Durrant, Paul" <pdurrant@xxxxxxxxxx>, Jürgen Groß <jgross@xxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Fri, 13 Dec 2019 15:23:16 +0100
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Fri, 13 Dec 2019 14:23:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 13.12.2019 14:53, Durrant, Paul wrote:
> Since *not* having the 'sink' page allows a guest pull off a host DoS
> in the presence of such h/w, security is surely increased by having it?

host            device          result w/o sink         result w/ sink
good            good            good                    good
good            babbling        good                    good
wedge on fault  good            DoS (runtime)           DoS (runtime)
wedge on fault  babbling        DoS (runtime/late)      DoS (runtime only, 
silent)

I wouldn't call it an increase of security to fully hide post-
deassignment issues without doing anything about issues that can
arise while the device is still assigned.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jürgen Groß

References:
- [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jürgen Groß
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jürgen Groß
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Jürgen Groß
- Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
  - From: Durrant, Paul

Prev by Date: Re: [Xen-devel] [PATCH v4 1/2] x86/mm: factor out the code for shattering an l3 PTE
Next by Date: Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
Previous by thread: Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
Next by thread: Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.