[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices

To: "Venu Busireddy" <venu.busireddy@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 10 Jul 2017 01:52:27 -0600
Cc: Elena Ufimtseva <elena.ufimtseva@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Delivery-date: Mon, 10 Jul 2017 07:52:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 07.07.17 at 20:11, <venu.busireddy@xxxxxxxxxx> wrote:
> On 2017-07-06 02:45:18 -0600, Jan Beulich wrote:
>> I think so, but I may be missing parts of your reasoning as to why
>> hiding the device may be a good thing.
> 
> Here is the rationale behind hiding the erring device.
> 
> If a device is misbehaving, one of the following two things could be
> happening:
> 
> a) The error is caused by the misconfiguration of the guest driver or
>    the firmware. This may not be a big problem.
> 
> b) The error is caused by the owner of the domain re-flashing the firmware
>    of the device and inserting a rogue firmware. This is a big problem.
> 
> And the problem is that we can't differentiate between a) and b).
> 
> If it is case b), then we certainly need to investigate and make sure
> that the firmware is the correct version and/or reload a new firmware to
> over-write the old one (just to be safe). Either way, the device needs to
> be unassignable until the root cause is investigated. Hiding the device
> is the safest way to ensure that the device is unassignable. Otherwise,
> the administrator may inadvertently reboot the domain to which the
> device was assigned, or, the domain itself may reboot upon errors, and in
> either case, the device gets reassigned to the domain upon reboot! Hiding
> the device prevents this.
> 
> However, if you think that all of this is too much paranoia, I am fine
> with not hiding the device, and we simply de-assign the device from the
> domain. I leave the decision to you.

Well, what if the firmware being installed is rogue, but doesn't cause
behavior that would result in us noticing right away? Passing through
non-SR-IOV devices isn't entirely secure anyway, and I don't think
SR-IOV VFs would permit firmware updates (I'd expect that to be
possible via the PF only). So I'm afraid hiding the devices won't buy
us much.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
  - From: Venu Busireddy

References:
- Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
  - From: Venu Busireddy
- Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
  - From: Venu Busireddy

Prev by Date: [Xen-devel] [PATCH] x86emul: correct EVEX register extension bit handling for non-64-bit modes
Next by Date: [Xen-devel] [PATCH v3] xen/balloon: don't online new memory initially
Previous by thread: Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
Next by thread: Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.