From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Marcus Osdoba <marcus.osdoba@googlemail.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: IOMMU/AMD-Vi not working after XSA-36 with 970A-UD3
Date: Sat, 4 May 2013 16:25:17 +0100 [thread overview]
Message-ID: <5185285D.6010709@citrix.com> (raw)
In-Reply-To: <51841CBF.3040305@googlemail.com>
On 03/05/2013 21:23, Marcus Osdoba wrote:
> Dear mailinglist,
>
> I own a Gigabyte motherboard GA 970A UD3 with IOMMU support. Since the
> update XSA-36 (also part of the latest debian wheezy pkg), the
> IO-Virtualisation does not work any more as discussed on this
> mailinglist [0] and [1].
>
> I like to ask, if there is an "official" solution in sight.
XSA-36 is the "official" solution, and is correct from a security point
of view. From what I understand, the root cause of the problem you have
is due to bad ACPI tables from the BIOS.
>
> I'm not sure about my alternatives. How "dangerous" is the mentioned IRQ
> sharing in [1]? May I just live with the NorthBridge disabled IOAPIC?
If you are the admin of all the VMs, or trust the admin of all the VMs,
then it is fine. The danger is that an untrusted admin can use the
problems to launch a DoS against other VMs on the system.
~Andrew
>
>
> [0] http://lists.xen.org/archives/html/xen-devel/2013-03/msg01016.html
> [1] http://lists.xen.org/archives/html/xen-devel/2013-04/msg02349.html
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2013-05-04 15:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-03 20:23 IOMMU/AMD-Vi not working after XSA-36 with 970A-UD3 Marcus Osdoba
2013-05-04 15:25 ` Andrew Cooper [this message]
-- strict thread matches above, loose matches on Subject: below --
2013-05-04 0:09 Eric Shelton
2013-05-04 10:20 ` Marcus Osdoba
2013-05-05 2:54 ` Eric Shelton
2013-05-05 12:43 ` Hans Mueller
2013-05-06 0:38 ` Eric Shelton
2013-05-05 12:15 ` Hans Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5185285D.6010709@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=marcus.osdoba@googlemail.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.