Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined devices optional
 
- To: Jan Beulich <jbeulich@xxxxxxxx>, "Durrant, Paul" <pdurrant@xxxxxxxxxx>
 
- From: Jürgen Groß <jgross@xxxxxxxx>
 
- Date: Fri, 13 Dec 2019 15:29:36 +0100
 
- Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
 
- Delivery-date: Fri, 13 Dec 2019 14:29:58 +0000
 
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
 
 
 
On 13.12.19 15:23, Jan Beulich wrote:
 
On 13.12.2019 14:53, Durrant, Paul wrote:
 
Since *not* having the 'sink' page allows a guest to pull off a host DoS
in the presence of such h/w, security is surely increased by having it?
 
 
host            device          result w/o sink         result w/ sink
good            good            good                    good
good            babbling        good                    good
wedge on fault  good            DoS (runtime)           DoS (runtime)
 
 
I guess the DoS cases here are due to malicious guest actions?
 
wedge on fault  babbling        DoS (runtime/late)      DoS (runtime only, silent)
 
 
And why is the sink page resulting in a silent DoS here?
Juergen