Xen project Mailing List

Re: [PATCH v3 5/8] x86/iommu: make code addressing CVE-2011-1898 no VT-d specific

To: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>

Date: Mon, 16 Jan 2023 17:49:19 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UI5K4YPy1l5f7L/GJZQp0OCjTek+/dcxDN58TYa2PXw=; b=YxC7VXIK3blNjJQ9tGj+9v+LG41CHAMGrTtAH510xAYZatmxSp/ymcmULZ/ISpndQEYtHJ4IQl0GkURf5pmHAq/+mSJMEcbPT7H+acH8wP0D9p5jMltoo1PJYxYZDsMliARsAdiBwTk8cHOD6yLXEM7STTfpCc2XVB05F+l9L+C59EGmrJyaZ1CpkFspYzDosljLhmsdyRF+cfSVntD9aNdF6jxfB6xhA1+GAAKk8usK35AwJdDWbfwuWLYY0cMTYv+W21Ooq95giE15AhOIOY7gVR3Zs2yWKREuhEa6FzjbYJ21iebF2IQCqvMYXRtou3vZo0tzA/9r1skj+f8MOg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JgcKWelc0TVMh1ZUITNcznowlJTGOC06qdiVB2AGUUBLlOpe4ScJMYDR3/v9HI6WugdzsziVjK26cxjVoDwA4YiSnpiNrwg5TDtD8twjOr2vWCHkZ9WoeCtO1UKSk/fibt9qhyNyDipr1K5lrLpjzT8sQosYCjJrCN+4vupXvO5Uc0zvA1ftwMAP+Kz74slYUPnrzMHe0Fml33kmCtJbS4Nf5gubQWAIcshwE+blsobhC947Jjb6Nw/wL/jmj+jtk5nZQQHX8n3fG7twqsJ4bTDr7LnJ6/brPCuOlBPJyHG67K1Gt+VDdyy/oaRB4XXpKUFuB0XrDFGR09s3B0ebXw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 16 Jan 2023 16:49:30 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.01.2023 08:21, Xenia Ragiadakou wrote: > On 1/16/23 09:04, Xenia Ragiadakou wrote: >> The variable untrusted_msi indicates whether the system is vulnerable to >> CVE-2011-1898 due to the absence of interrupt remapping support. >> AMD iommus with interrupt remapping disabled are also exposed. It would probably help if you mentioned here explicitly that, while affected, we don't handle that yet (the code setting the flag would either need to move out of VT-d specific space, or be cloned accordingly). >> Therefore move the definition of the variable to the common x86 iommu code. >> >> Also, since the current implementation assumes that only PV guests are prone >> to this attack, take the opportunity to define untrusted_msi only when PV is >> enabled. >> >> No functional change intended. >> >> Signed-off-by: Xenia Ragiadakou <burzalodowa@xxxxxxxxx> >>[...] > > Here, somehow I missed the part: > diff --git a/xen/drivers/passthrough/vtd/iommu.c > b/xen/drivers/passthrough/vtd/iommu.c > index dae2426cb9..e97b1fe8cd 100644 > --- a/xen/drivers/passthrough/vtd/iommu.c > +++ b/xen/drivers/passthrough/vtd/iommu.c > @@ -2767,6 +2767,7 @@ static int cf_check reassign_device_ownership( > if ( !has_arch_pdevs(target) ) > vmx_pi_hooks_assign(target); > > +#ifdef CONFIG_PV > /* > * Devices assigned to untrusted domains (here assumed to be > any domU) > * can attempt to send arbitrary LAPIC/MSI messages. We are > unprotected > @@ -2775,6 +2776,7 @@ static int cf_check reassign_device_ownership( > if ( !iommu_intremap && !is_hardware_domain(target) && > !is_system_domain(target) ) > untrusted_msi = true; > +#endif > > ret = domain_context_mapping(target, devfn, pdev); > > I will fix it in the next version. > With that added (and preferably the description clarified) Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.