Re: [Xen-devel] [PATCH 1/6] xen: Add support for hiding and unhiding pcie passthrough devices

On 2017-07-10 01:52:27 -0600, Jan Beulich wrote:
> >>> On 07.07.17 at 20:11, <venu.busireddy@xxxxxxxxxx> wrote:
> > On 2017-07-06 02:45:18 -0600, Jan Beulich wrote:
> >> I think so, but I may be missing parts of your reasoning as to why
> >> hiding the device may be a good thing.
> >
> > Here is the rationale behind hiding the erring device.
> >
> > If a device is misbehaving, one of the following two things could be
> > happening:
> >
> > a) The error is caused by the misconfiguration of the guest driver or
> > the firmware. This may not be a big problem.
> >
> > b) The error is caused by the owner of the domain re-flashing the firmware
> > of the device and inserting a rogue firmware. This is a big problem.
> >
> > And the problem is that we can't differentiate between a) and b).
> >
> > If it is case b), then we certainly need to investigate and make sure
> > that the firmware is the correct version and/or reload a new firmware to
> > over-write the old one (just to be safe). Either way, the device needs to
> > be unassignable until the root cause is investigated. Hiding the device
> > is the safest way to ensure that the device is unassignable. Otherwise,
> > the administrator may inadvertently reboot the domain to which the
> > device was assigned, or, the domain itself may reboot upon errors, and in
> > either case, the device gets reassigned to the domain upon reboot! Hiding
> > the device prevents this.
> >
> > However, if you think that all of this is too much paranoia, I am fine
> > with not hiding the device, and we simply de-assign the device from the
> > domain. I leave the decision to you.
>
> Well, what if the firmware being installed is rogue, but doesn't cause
> behavior that would result in us noticing right away? Passing through
> non-SR-IOV devices isn't entirely secure anyway, and I don't think
> SR-IOV VFs would permit firmware updates (I'd expect that to be
> possible via the PF only). So I'm afraid hiding the devices won't buy
> us much.

Okay. In a week, I will send v2 of this patch without hiding the device,
unless we hear from others within that time-frame with other thoughts
that change the approach.

Venu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel