Re: [PATCH] XSA-77: widen scope again

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Wei Liu <wei.liu2@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Jackson <Ian.Jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
	xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [PATCH] XSA-77: widen scope again
Date: Mon, 9 May 2016 11:56:05 +0100	[thread overview]
Message-ID: <20160509105605.GS2111@citrix.com> (raw)
In-Reply-To: <5730752802000078000E95BE@prv-mh.provo.novell.com>

On Mon, May 09, 2016 at 03:31:52AM -0600, Jan Beulich wrote:
> >>> On 06.05.16 at 16:26, <wei.liu2@citrix.com> wrote:
> > On Fri, Apr 29, 2016 at 03:35:51AM -0600, Jan Beulich wrote:
> >> As discussed on the hackathon, avoid us having to issue security
> >> advisories for issues affecting only heavily disaggregated tool stack
> >> setups, which no-one appears to use (or else they should step up to get
> >> things into shape).
> >> 
> >> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> >> ---
> >> As we want to retain supported status of stubdom qemu: Does qemu use
> >> any others when use in a stub domain?
> >> 
> >> --- a/docs/misc/xsm-flask.txt
> >> +++ b/docs/misc/xsm-flask.txt
> >> @@ -59,68 +59,16 @@ http://www.xenproject.org/security-polic 
> >>  
> >>  __HYPERVISOR_domctl (xen/include/public/domctl.h)
> >>  
> >> - The following subops are covered by this statement. subops not listed
> >> - here are considered safe for disaggregation.
> >> + All subops except for the following are covered by this statement.
> > 
> > Since the list is inversed now (subops listed here are safe for
> > disaggregation, correct me if I'm wrong).
> 
> Yes, the sense of the list gets inverted.
> 
> >> - * XEN_DOMCTL_pin_mem_cacheattr
> > 
> > QEMU (stubdom or not) uses this to pin cache attribute of vram. Since we
> > want to support QEMU stubdom, we might want this in the list.
> 
> We'd want this, indeed, but we can't add it right away, as it has
> issues. For one, there's no bounding on the number of ranges
> that may get added (which is relatively easy to deal with; aiui
> qemu really only wants to add a single range). And then there is

Yes, correct.

> the question which trees are really meant to be covered by this
> doc: -unstable has (I hope; would need to be double checked by
> someone) become safe only with commit 0acc7010ac ("x86/HVM:
> honor cache attribute pinning for RAM only", which so far I didn't
> even put on my to-be-backported list), and only when WB is
> being passed as attribute.
> 
> But note that by not having it on the list for now, things don't
> change: As per the original XSA-77, the operation was deemed
> disaggregation unsafe (and hence by implication its use in stub
> domains made stub domains an unsafe / unsupported environment)
> anyway. IOW this consideration is orthogonal to the purpose of
> the patch we're discussing.
> 

Makes sense.

Wei.

> Jan
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2016-05-09 10:56 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-29  9:35 [PATCH] XSA-77: widen scope again Jan Beulich
2016-05-06  8:12 ` Ping: " Jan Beulich
2016-05-09 16:19   ` George Dunlap
2016-05-10  6:41     ` Jan Beulich
2016-05-06 14:26 ` Wei Liu
2016-05-09  9:31   ` Jan Beulich
2016-05-09 10:56     ` Wei Liu [this message]
2016-05-09 11:18       ` Jan Beulich
2016-05-09 11:20         ` Wei Liu
2016-05-09 14:16 ` Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160509105605.GS2111@citrix.com \
    --to=wei.liu2@citrix.com \
    --cc=George.Dunlap@eu.citrix.com \
    --cc=Ian.Jackson@eu.citrix.com \
    --cc=JBeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=tim@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.