Xen project Mailing List

RE: [Xen-devel] Critical bug: VT-d fault causes disk corruption or Dom0 kernel panic.

To: "Kay, Allen M" <allen.m.kay@xxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, "Li, Xin" <xin.li@xxxxxxxxx>, "Li, Haicheng" <haicheng.li@xxxxxxxxx>, "'xen-devel@xxxxxxxxxxxxxxxxxxx'" <xen-devel@xxxxxxxxxxxxxxxxxxx>

From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>

Date: Fri, 23 Jan 2009 16:34:44 -0800

Accept-language: en-US

Acceptlanguage: en-US

Cc:

Delivery-date: Fri, 23 Jan 2009 16:35:33 -0800

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: Acl8Q3YVs3niaMuxT1CPWgfSc0ZGCwAITqg5AAKyJXAAAOMrHgAfiHegABEJqTgAEqyPIAACkS3lAAAS7KQACh68wAAB9ZoQ

Thread-topic: [Xen-devel] Critical bug: VT-d fault causes disk corruption or Dom0 kernel panic.

> From: Kay, Allen M > Sent: Friday, January 23, 2009 3:40 PM > > I talked to Joe Cihula about this. He is suggesting map only the RAM memory > in E820 table. > This is more secure than map everything below max_page. We can do this for > x86_64 and x86_32. > For IA-64, we still map everything below max_page as there is no tboot issue. > > What do you think of is approach? > > Allen But excluding the Xen text sections using is_kernel_text(). Joe > > -----Original Message----- > From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On > Behalf Of Keir Fraser > Sent: Friday, January 23, 2009 10:44 AM > To: Kay, Allen M; Li, Xin; Li, Haicheng; 'xen-devel@xxxxxxxxxxxxxxxxxxx' > Subject: Re: [Xen-devel] Critical bug: VT-d fault causes disk corruption or > Dom0 kernel panic. > > On 23/01/2009 18:41, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx> wrote: > > > Also it's going to be hard to do better while keeping efficiency since if > > you > > only map dom0's pages in its vtd tables then PV backend drivers will not > > work > > (which rely on DMAing to/from other domain's pages via grant references). > > You'd have to dynamically map/unmap as grants get mapped/unmapped, and you > > may > > not want the performance hit of that. > > > > I'd personally vote for getting rid of xen_in_range(). Alternatively we > > could > > have it merely check for is_kernel_text(), but really I think since it is > > not > > in any way full protection from dom0 I wonder if it is worth the bother at > > all. > > > > What do you think? > > I should add that you could still implement the more sophisticated and > slower full protection, where dom0 only has DMA access to pages it currently > has access to via the host CPUs, as a boot option. For those who really > don't want to trust dom0 as far as possible. > > -- Keir > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.