[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Sun, 22 May 2011 19:15:55 +0100
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sun, 22 May 2011 11:17:04 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

At 18:19 +0100 on 20 May (1305915548), Ian Jackson wrote:
> Tim Deegan writes ("Re: [Xen-devel] Xen security advisory CVE-2011-1898 - 
> VT-d (PCI passthrough) MSI"):
> > At 21:48 +0100 on 19 May (1305841716), Cihula, Joseph wrote:
> > > So how would the user (or installation SW) specify to use the best
> > > (IOMMU) security available on the platform?
> > 
> > iommu=on.  That pretty much lines up with the current meaining. 
> > 
> > Only iommu=force requires a fully secure IOMMU, and you can
> > overide that with iommu=force,nointremap.  
> 
> I think this is the best behaviour.  Do we have a patch that
> implements it ?  If I'm not confused, the patch further upthread
> crashes on lack of intremap even with iommu=on.

AIUI Ian Campbell's most recent patch does exactly this.  Ian?

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Ian Campbell

References:
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Jan Beulich
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Ian Campbell
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph
- Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Tim Deegan
- Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Next by Date: [Xen-devel] [xen-4.1-testing test] 7218: regressions - FAIL
Previous by thread: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Next by thread: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.