Xen project Mailing List

Re: [PATCH v2 5/8] x86/iommu: the code addressing CVE-2011-1898 is VT-d specific

To: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>

Date: Thu, 12 Jan 2023 13:01:54 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=z5xqAFELM6aeYRPpdl2iJ0uN5YRwxvbcSRYvU8IYJrA=; b=dy1RfBJUlMAii7gQ0y8Vet9+1T2XriaOj0PETE4ecuahZWWGb9uwe2NKe3z+GOTnIj0QVsgopIECC30/AMraaZz9UzPKmhz8PtdVf0xGv3Hkd2EInm2WUaxd+eDEx+jzmscmjDpcfdwUjSMz/Myf88gt4znLQLzW5MrsXF9JDaappILjkZnVfj7PS7MIYJ0VUK1ViWqIZ0TxhW/5wejIdQmhSoDQm8sgj3WS6uP8fpixggWDJWeqknvF4gbz4n9qb5y3dPZp7TDEjDC1ZsjCTV8UX3OOMFMqRHi+x90NQ9khMtQXgI2htxDIbyzmYsNHksGprSYT6/IpDtEByXC/XA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jUKktZSxN0XogMcel4W4RqwZNc8E5YPKahgi0z7g1bEpmrjViS7R80xY+uPVXCVFxJJuuIZBfOvzhZ89TeZxzLxxAjp7VPnlVNf3lAMgHhEq8nRuKEGhaiPfGTtGNH4JvhekXtPkpGZPapoMq2PjLveJiseAnNlhWg4Ht+t9EBEVG5S1bbLQMxUrBo8+8/b/i0KNlOMm54a/xJSCZESo9CJU50m98zgA6fgoQhhE3FnpBov6GydgE4c045e1rA020Ghkxw134dkOwY7mPmVBIrh6foQ0ghOarD9boiYArGTv9mxlXHDFgXBwRrRcJx9BLpTGQYatl1Lp0Vit79OiFg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 12 Jan 2023 12:02:04 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 04.01.2023 09:44, Xenia Ragiadakou wrote: > The variable untrusted_msi indicates whether the system is vulnerable to > CVE-2011-1898. This vulnerablity is VT-d specific. As per the reply by Andrew to v1, this vulnerability is generic to intremap- incapable or intremap-disabled configurations. You want to say so. In turn I wonder whether instead of the changes you're making you wouldn't want to move the definition of the variable to xen/drivers/passthrough/x86/iommu.c. A useful further step might be to guard its definition (not necessarily its declaration; see replies to earlier patches) by CONFIG_PV instead (of course I understand that's largely orthogonal to your series here, yet it would fit easily with moving the definition). > --- a/xen/arch/x86/include/asm/iommu.h > +++ b/xen/arch/x86/include/asm/iommu.h > @@ -127,7 +127,9 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t > p2ma, > unsigned int flag); > void iommu_identity_map_teardown(struct domain *d); > > +#ifdef CONFIG_INTEL_IOMMU > extern bool untrusted_msi; > +#endif As per above / earlier comments I don't think this part is needed in any event. > --- a/xen/arch/x86/pv/hypercall.c > +++ b/xen/arch/x86/pv/hypercall.c > @@ -193,8 +193,10 @@ void pv_ring1_init_hypercall_page(void *p) > > void do_entry_int82(struct cpu_user_regs *regs) > { > +#ifdef CONFIG_INTEL_IOMMU > if ( unlikely(untrusted_msi) ) > check_for_unexpected_msi((uint8_t)regs->entry_vector); > +#endif > > _pv_hypercall(regs, true /* compat */); > } > diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S > index ae01285181..8f2fb36770 100644 > --- a/xen/arch/x86/x86_64/entry.S > +++ b/xen/arch/x86/x86_64/entry.S > @@ -406,11 +406,13 @@ ENTRY(int80_direct_trap) > .Lint80_cr3_okay: > sti > > +#ifdef CONFIG_INTEL_IOMMU > cmpb $0,untrusted_msi(%rip) > UNLIKELY_START(ne, msi_check) > movl $0x80,%edi > call check_for_unexpected_msi > UNLIKELY_END(msi_check) > +#endif > > movq STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.