| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Feb 2017 12:47:44 -0500
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Roger Pau Monné <roger.pau@...rix.com>
Cc: JGross@...e.com, xen-devel@...ts.xenproject.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 5/9] xen/pvh: Prevent PVH guests from using PIC, RTC
and IOAPIC
On 02/02/2017 11:40 AM, Roger Pau Monné wrote:
> On Thu, Feb 02, 2017 at 11:30:19AM -0500, Boris Ostrovsky wrote:
>> On 02/02/2017 10:35 AM, Roger Pau Monné wrote:
>>> On Thu, Jan 26, 2017 at 02:41:28PM -0500, Boris Ostrovsky wrote:
>>>> Make sure they don't use these devices since they are not emulated
>>>> for unprivileged PVH guest.
>>> This description seems weird for what it's actually done. AFAICT you are not
>>> really preventing the guest from using the PIC or the IO APIC, because this is
>>> fetched from the MADT table (or should be fetched from there in any case).
>> This was meant to say that we don't want to use ACPI_IRQ_MODEL_[IOA]PIC
>> since we don't support SCI (which is expected on x86 to be one of the two).
> Hm, right. At some point (ie: when PCI-passthrough is implemented) we will be
> providing an IO APIC and a SCI through it. Or would we rather always use the
> event channel SCI?
Staying closer to bare-metal (i.e. doing it via IOAPIC) might be better
but then this would always require IOAPIC for PVH (because we'd want to
use SCI for hotplug too, if we ever get there).
-boris
Powered by blists - more mailing lists