
Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode



> From: Chen, Tiejun
> Sent: Thursday, September 10, 2015 1:47 PM
> 
> > Need to have separate warning/error level for relax/strict.
> >
> > However I don't think this patch is the right fix. So far the relax/strict policy
> > is per-domain. What about one VM specifying relax while another VM
> > specifies strict when each is assigned a device sharing rmrr
> > with the other? In that case it becomes a system-wide security hole.
> >
> > Once we add code to track group relationships across domains, it'd be
> > close to the final fix to support group assignment, which was originally targeted
> > at 4.7. It might be risky to add that in 4.6.
> 
> Yes.
> 
> >
> > So my suggestion is to live with current limitation.
> >
> 
> But recently someone was encountering this problem.
> 
> http://www.gossamer-threads.com/lists/xen/devel/391684?page=last
> 
> We'd better figure out a simple way to fix this regression.
> 

I'm not sure how widely that motherboard is used... To me security is
important, so having some limitation for this purpose is acceptable. But
I'd also like to hear comments from Jan and Wei. If they think the regression
is more important (anyway we're not causing a new security problem; it was
there before), I'm OK with this patch (besides, you need to fix the print level).

Thanks
Kevin
