From mboxrd@z Thu Jan  1 00:00:00 1970
From: Manish Jaggi <mjaggi@caviumnetworks.com>
Subject: Re: [RFC PATCH v2 13/22] xen/arm: its: Add virtual ITS
 command support
Date: Wed, 29 Apr 2015 18:38:22 +0530
Message-ID: <5540D7C6.1030009@caviumnetworks.com>
References: <1426775889-29442-1-git-send-email-vijay.kilari@gmail.com>	<1426775889-29442-14-git-send-email-vijay.kilari@gmail.com>	<55114EFA.9050304@linaro.org>	<CALicx6saxGyht=m28Z+K0fy6LBCxwpguDS7VRBQUbbEPe54LBQ@mail.gmail.com>	<55197005.7090408@linaro.org>	<1427888815.2115.279.camel@citrix.com>	<551BDE4C.9030109@citrix.com>	<1427966007.4037.14.camel@citrix.com>	<551D2298.2060302@citrix.com>	<1427973539.4037.52.camel@citrix.com>	<551D4888.1020309@gmail.com>	<CALicx6u7-gHT+v9j16D1zS3QE+A6_dAV8fgXDNka3CicMUf9LQ@mail.gmail.com>	<alpine.DEB.2.02.1504281054490.2640@kaball.uk.xensource.com>	<553F6271.4010308@citrix.com>	<CALicx6vgbre5DX2nmfog2Lzgkx5_Viw397JqUMsfmstK1tLRSg@mail.gmail.com>	<553FB23F.7090200@citrix.com>	<CALicx6teBqnjTrov0TcZQW12C=W0rqLDmcqV-J-PfiAH3n0bHg@mail.gmail.com>	<5540C6D
 5.9020400@citrix.com>	<5540CA9B.6020102@caviumnetworks.com>
	<5540CCB7.7050105@citrix.com> <5540CFA7.6080203@caviumnetworks.com>
	<5540D624.9030200@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <5540D624.9030200@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Julien Grall <julien.grall@citrix.com>, Vijay Kilari <vijay.kilari@gmail.com>
Cc: Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Prasun Kapoor <Prasun.Kapoor@caviumnetworks.com>, Vijaya Kumar K <vijaya.kumar@caviumnetworks.com>, Julien Grall <julien.grall@linaro.org>, Tim Deegan <tim@xen.org>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Stefano Stabellini <stefano.stabellini@citrix.com>, manish.jaggi@caviumnetworks.com
List-Id: xen-devel@lists.xenproject.org



On Wednesday 29 April 2015 06:31 PM, Julien Grall wrote:
> On 29/04/15 13:33, Manish Jaggi wrote:
>> On Wednesday 29 April 2015 05:51 PM, Julien Grall wrote:
>>> On 29/04/15 13:12, Manish Jaggi wrote:
>>>>>> and that too ITS is not in critical path. It is only used when
>>>>>> configuring interrupts of the device?
>>>>> You need to think about security... Even though the ITS should only
>>>>> be used for configuring interrupts, a malicious guest could try to
>>>>> exploit weakness in the emulation.
>>>> Can you describe the scenario ?
>>> I already wrote several times the possible security impacts of the
>>> polling solution... Please read again the previous mails.
>> I see your comment "The vITS emulates hardware for a specific domain. A
>> malicious guest could send request to a not own device"
>> This scenario cannot happen as guest sbdf is converted to physical sbdf
>> based on the domain. So if it does not own a device it would be treated
>> as invalid command.
> Can you point the code in this patch series that implement what you
> said? From what I read, you just forward the command to the physical ITS
> as long as the guest called MAPD to the device.
>
>> Do you have any other security concern ?
> Yes. The one we talked in every mail since the beginning of this thread
> "polling in EL2". We got several XSA because the hypervisor code wasn't
> preemptible (see [1])
>
We are removing polling using command processing completion which is 
signalled using INT interrupt.
> [1] http://xenbits.xen.org/xsa/advisory-97.html
>