
Re: [Xen-devel] [PATCH RFC v2 4/4] xen/MSI: re-expose masking capability

>>> On 07.12.15 at 15:56, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> On Mon, 7 Dec 2015, Jan Beulich wrote:
>> >>> On 07.12.15 at 13:45, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
>> > On Tue, 24 Nov 2015, Jan Beulich wrote:
>> >> Now that the hypervisor intercepts all config space writes and monitors
>> >> changes to the masking flags, this undoes the main effect of the
>> >> XSA-129 fix, exposing the masking capability again to guests.
> Could you please mention the relevant commit ids in Xen?

It's just one (which I've now added a reference to), unless you want
all the prereqs listed.

> What happens if QEMU, with this change, is running on top of an older
> Xen that doesn't intercept all config space writes?

The security issue would resurface.

>> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> >> ---
>> >> TBD: We probably need to deal with running on an older hypervisor. I
>> >>      can't, however, immediately see a way for qemu to find out.
>> > 
>> > Actually QEMU has already an infrastructure to detect the hypervisor
>> > version at compile time, see include/hw/xen/xen_common.h. You could
>> > #define the right emu_mask depending on the hypervisor.
>> We don't want compile time detection here, but runtime one.
> I guess the issue is that a fix was backported to Xen that changed its
> behaviour in past releases, right?

No, we shouldn't try to guess whether this is present in any pre-4.6
hypervisors; we should simply accept that maskable MSI is not
available for guests there, because ...

> Is there a way to detect the presence of this fix in Xen, by invoking a
> hypercall and checking the returned values and error numbers?

... there's nothing to (reliably) probe here. This really is just an
implementation detail of the hypervisor, and hence a version check
is all we have available.

