SUSE:SLE-12-SP1:GA
xen.4507
File 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch of Package xen.4507
# Commit 061eebe0e99ad45c9c3b1a778b06140de4a91f25 # Date 2014-04-22 12:04:20 +0200 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> x86/MSI: drop workaround for insecure Dom0 kernels Considering that - the workaround is expensive (iterating through the entire P2M space of a domain), - the planned elimination of the expensiveness (by propagating the type change step by step to the individual P2M leaves) wouldn't address the IOMMU side of things (as for it to obey to the changed permissions the adjustments must be pushed down immediately through the entire tree) - the proper solution (PHYSDEVOP_msix_prepare) should by now be implemented by all security conscious Dom0 kernels remove the workaround, killing eventual guests that would be known to become a security risk instead. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Index: xen-4.4.4-testing/xen/arch/x86/mm/p2m-ept.c =================================================================== --- xen-4.4.4-testing.orig/xen/arch/x86/mm/p2m-ept.c +++ xen-4.4.4-testing/xen/arch/x86/mm/p2m-ept.c @@ -680,7 +680,7 @@ static void ept_change_entry_type_global return; BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt)); - BUG_ON(ot != nt && (ot == p2m_mmio_direct || nt == p2m_mmio_direct)); + BUG_ON(p2m_is_mmio(ot) || p2m_is_mmio(nt)); ept_change_entry_type_page(_mfn(ept_get_asr(ept)), ept_get_wl(ept), ot, nt); Index: xen-4.4.4-testing/xen/arch/x86/msi.c =================================================================== --- xen-4.4.4-testing.orig/xen/arch/x86/msi.c +++ xen-4.4.4-testing/xen/arch/x86/msi.c 
@@ -834,32 +834,22 @@ static int msix_capability_init(struct p msix->pba.last) ) WARN(); - if ( dev->domain ) - p2m_change_entry_type_global(dev->domain, - p2m_mmio_direct, p2m_mmio_direct); - if ( desc && (!dev->domain || !paging_mode_translate(dev->domain)) ) + if ( desc ) { - struct domain *d = dev->domain; + struct domain *currd = current->domain; + struct domain *d = dev->domain ?: currd; - if ( !d ) - for_each_domain(d) - if ( !paging_mode_translate(d) && - (iomem_access_permitted(d, msix->table.first, - msix->table.last) || - iomem_access_permitted(d, msix->pba.first, - msix->pba.last)) ) - break; - if ( d ) - { - if ( !is_hardware_domain(d) && msix->warned != d->domain_id ) - { - msix->warned = d->domain_id; - printk(XENLOG_ERR - "Potentially insecure use of MSI-X on %04x:%02x:%02x.%u by Dom%d\n", - seg, bus, slot, func, d->domain_id); - } - /* XXX How to deal with existing mappings? */ - } + if ( !is_hardware_domain(currd) || d != currd ) + printk("%s use of MSI-X on %04x:%02x:%02x.%u by Dom%d\n", + is_hardware_domain(currd) + ? XENLOG_WARNING "Potentially insecure" + : XENLOG_ERR "Insecure", + seg, bus, slot, func, d->domain_id); + if ( !is_hardware_domain(d) && + /* Assume a domain without memory has no mappings yet. */ + (!is_hardware_domain(currd) || d->tot_pages) ) + domain_crash(d); + /* XXX How to deal with existing mappings? */ } } WARN_ON(msix->nr_entries != nr_entries);
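Review bot: in the p2m-ept.c hunk, the new `BUG_ON(p2m_is_mmio(ot) || p2m_is_mmio(nt))` is considerably wider than the assertion it replaces, and nothing in the code says why. The old form only fired when exactly one side was `p2m_mmio_direct` and the types differed, which left room for the same-type call that the msi.c hunk removes. The new form fires for any MMIO type on either side. Please add a one-line comment above it stating that global type changes must never involve MMIO types, and confirm that no remaining caller of the global type change can pass one, since a hit here takes the whole host down rather than just the offending domain.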
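Review bot: in the msi.c hunk, when `dev->domain` is NULL, `d` now falls back to `current->domain`, and the removed `for_each_domain` scan using `iomem_access_permitted()` on `msix->table` and `msix->pba` has no replacement. A domain other than the caller that already holds access to those ranges is therefore neither reported nor crashed. Either keep a check for such domains or extend the comment to say why only the owner and the caller need to be considered. The retained "XXX How to deal with existing mappings?" should also be updated to say what is still open now that `domain_crash(d)` covers the non-hardware-domain case. Two smaller points: the `msix->warned` de-duplication is gone, so the message is printed on every call and can flood the log, and if nothing else reads `warned` the field should be dropped in this patch. Also, the log level is passed through a `%s` argument instead of leading the format string, which deserves a short comment because it relies on the level prefix being parsed after formatting.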