[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v8 0/6] AMD/IOMMU: further work split from XSA-378


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 22 Sep 2021 16:35:33 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=PUIBynGRaD4WhYXwQk0I8TmQPV2fkMGcbu5cWr+n9H8=; b=C0BIODhmbNDA7u4wM44W4HQlRQBKlOjtdto5vrRz/9fDjB12G6zZX+481dbojdNeauKDhjWfdgDMUYlzZBO7XCA0ocFEKtdIOJRA0566G6V/ihdt8hiEN0wmQBZMRx4EgxcOhHvyJskkxRqgb93bbfDTweJwDT427dhD6FxsAKv1oXcxQ9bO08mxwMmwLz1pjxbgs/jiVAyk9E3rM0XhYG97/xgGOatD6cWIm4OAe4YZbO4LWNHsnMbkS7Mi4s+BkLkeGRltxJ4+r2X21e5knmIgdAVmGo+ZAui9hRVAqmKrQHTe6hjzmWNWVYsbhIn+aCIpgzbJz0m5XlJM0GwugA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i9wKV06h+UOk80WmcgiNf44dt9xbVtplMA+/hl0US7J+YOsk47JIQNYLekUTA5GdCZCtEW7AjYZme0ky07fW5iJES4RzsjOp1t1FXmFThP6/XKd9HfXHxELaMfePVvgyQxVciFN1FCbf596wz0kkFqIJzEbMLyXElkmzRYShPZk1kc30S/v2IlRJ6bclOs2EbQ5v2b1GKbD+RQzE90+/OEN2FyF1bz+0Qzqpt1wAdIoOtAWODm+GkXL15SRmYaPOA3IiPBbtJUexUh3kyfrG0kC4oCnbnTUNCtoeNLGz5HqN8ROPGUjy0ZGD2QX1jsUWgKzgkqJ2X1RosisQj9aEgA==
  • Authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>
  • Delivery-date: Wed, 22 Sep 2021 14:35:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Along the pieces that were determined to have security relevance
there are quite a few more fixes / improvements (or so I hope)
which were decided to not become part of the XSA itself.

1: obtain IVHD type to use earlier
2: improve (extended) feature detection
3: check IVMD ranges against host implementation limits
4: respect AtsDisabled device flag
5: pull ATS disabling earlier
6: expose errors and warnings unconditionally

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.