[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional

On 13.12.19 15:23, Jan Beulich wrote:
On 13.12.2019 14:53, Durrant, Paul wrote:
Since *not* having the 'sink' page allows a guest pull off a host DoS
in the presence of such h/w, security is surely increased by having it?

host            device          result w/o sink         result w/ sink
good            good            good                    good
good            babbling        good                    good
wedge on fault  good            DoS (runtime)           DoS (runtime)

I guess the DoS cases here are due to malicious guest actions?

wedge on fault  babbling        DoS (runtime/late)      DoS (runtime only, 

And why is the sink page resulting in a silent DoS here?


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.