On 16/12/2019 08:24, Jürgen Groß wrote:
> On 16.12.19 06:58, Tian, Kevin wrote:
>>> From: Jürgen Groß
>>> Sent: Friday, December 13, 2019 11:36 PM
>>>
>>> On 13.12.19 15:45, Jan Beulich wrote:
On 13.12.2019 15:24, Jürgen Groß wrote:
> On 13.12.19 15:11, Jan Beulich wrote:
>> On 13.12.
On 16.12.19 06:58, Tian, Kevin wrote:
From: Jürgen Groß
Sent: Friday, December 13, 2019 11:36 PM
On 13.12.19 15:45, Jan Beulich wrote:
On 13.12.2019 15:24, Jürgen Groß wrote:
On 13.12.19 15:11, Jan Beulich wrote:
On 13.12.2019 14:46, Jürgen Groß wrote:
On 13.12.19 14:38, Jan Beulich wrote:
> From: Tian, Kevin
> Sent: Monday, December 16, 2019 1:58 PM
>
> > From: Jürgen Groß
> > Sent: Friday, December 13, 2019 11:36 PM
> >
> > On 13.12.19 15:45, Jan Beulich wrote:
> > > On 13.12.2019 15:24, Jürgen Groß wrote:
> > >> On 13.12.19 15:11, Jan Beulich wrote:
> > >>> On 13.12.2019 14:46,
> From: Roger Pau Monné
> Sent: Friday, December 13, 2019 10:13 PM
>
> On Fri, Dec 13, 2019 at 01:53:29PM +0100, Jan Beulich wrote:
> > Containing still in flight DMA was introduced to work around certain
> > devices / systems hanging hard upon hitting an IOMMU fault. Passing
> > through (such) d
> From: Jürgen Groß
> Sent: Friday, December 13, 2019 11:36 PM
>
> On 13.12.19 15:45, Jan Beulich wrote:
> > On 13.12.2019 15:24, Jürgen Groß wrote:
> >> On 13.12.19 15:11, Jan Beulich wrote:
> >>> On 13.12.2019 14:46, Jürgen Groß wrote:
> On 13.12.19 14:38, Jan Beulich wrote:
> > On 13.
On 13.12.2019 16:35, Jürgen Groß wrote:
> On 13.12.19 15:45, Jan Beulich wrote:
>> On 13.12.2019 15:24, Jürgen Groß wrote:
>>> On 13.12.19 15:11, Jan Beulich wrote:
On 13.12.2019 14:46, Jürgen Groß wrote:
> On 13.12.19 14:38, Jan Beulich wrote:
>> On 13.12.2019 14:31, Jürgen Groß wrote
On 13.12.19 15:45, Jan Beulich wrote:
On 13.12.2019 15:24, Jürgen Groß wrote:
On 13.12.19 15:11, Jan Beulich wrote:
On 13.12.2019 14:46, Jürgen Groß wrote:
On 13.12.19 14:38, Jan Beulich wrote:
On 13.12.2019 14:31, Jürgen Groß wrote:
Maybe I have misunderstood the current state, but I though
On 13.12.2019 15:24, Jürgen Groß wrote:
> On 13.12.19 15:11, Jan Beulich wrote:
>> On 13.12.2019 14:46, Jürgen Groß wrote:
>>> On 13.12.19 14:38, Jan Beulich wrote:
On 13.12.2019 14:31, Jürgen Groß wrote:
> Maybe I have misunderstood the current state, but I thought that it
> would jus
On 13.12.2019 15:29, Jürgen Groß wrote:
> On 13.12.19 15:23, Jan Beulich wrote:
>> On 13.12.2019 14:53, Durrant, Paul wrote:
>>> Since *not* having the 'sink' page allows a guest pull off a host DoS
>>> in the presence of such h/w, security is surely increased by having it?
>>
>> host devic
On 13.12.19 15:23, Jan Beulich wrote:
On 13.12.2019 14:53, Durrant, Paul wrote:
Since *not* having the 'sink' page allows a guest pull off a host DoS
in the presence of such h/w, security is surely increased by having it?
hostdevice result w/o sink result w/ sink
g
On 13.12.19 15:11, Jan Beulich wrote:
On 13.12.2019 14:46, Jürgen Groß wrote:
On 13.12.19 14:38, Jan Beulich wrote:
On 13.12.2019 14:31, Jürgen Groß wrote:
Maybe I have misunderstood the current state, but I thought that it
would just silently hide quirky devices without imposing a security
ri
On 13.12.2019 14:53, Durrant, Paul wrote:
> Since *not* having the 'sink' page allows a guest pull off a host DoS
> in the presence of such h/w, security is surely increased by having it?
hostdevice result w/o sink result w/ sink
goodgoodgood
On 13.12.2019 14:46, Jürgen Groß wrote:
> On 13.12.19 14:38, Jan Beulich wrote:
>> On 13.12.2019 14:31, Jürgen Groß wrote:
>>> Maybe I have misunderstood the current state, but I thought that it
>>> would just silently hide quirky devices without imposing a security
>>> risk. We would not learn whi
On Fri, Dec 13, 2019 at 01:53:29PM +0100, Jan Beulich wrote:
> Containing still in flight DMA was introduced to work around certain
> devices / systems hanging hard upon hitting an IOMMU fault. Passing
> through (such) devices (on such systems) is inherently insecure (as
> guests could easily arran
rant ; Ian Jackson ; xen-
> de...@lists.xenproject.org; Roger Pau Monné
> Subject: Re: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of
> quarantined devices optional
>
> On 13.12.19 14:38, Jan Beulich wrote:
> > On 13.12.2019 14:31, Jürgen Groß wrote:
> >> On 13.12.19 14:2
On 13.12.19 14:38, Jan Beulich wrote:
On 13.12.2019 14:31, Jürgen Groß wrote:
On 13.12.19 14:21, Jan Beulich wrote:
On 13.12.2019 14:11, Jürgen Groß wrote:
On 13.12.19 13:53, Jan Beulich wrote:
Containing still in flight DMA was introduced to work around certain
devices / systems hanging hard
On 13.12.2019 14:31, Jürgen Groß wrote:
> On 13.12.19 14:21, Jan Beulich wrote:
>> On 13.12.2019 14:11, Jürgen Groß wrote:
>>> On 13.12.19 13:53, Jan Beulich wrote:
Containing still in flight DMA was introduced to work around certain
devices / systems hanging hard upon hitting an IOMMU fa
On 13.12.2019 14:29, Durrant, Paul wrote:
>> From: Jan Beulich
>> Sent: 13 December 2019 13:26
>>
>> On 13.12.2019 14:12, Durrant, Paul wrote:
From: Xen-devel On Behalf Of Jan
Beulich
Sent: 13 December 2019 12:53
+#define IOMMU_quarantine_none 0
+#define IOMMU_quara
On 13.12.19 14:21, Jan Beulich wrote:
On 13.12.2019 14:11, Jürgen Groß wrote:
On 13.12.19 13:53, Jan Beulich wrote:
Containing still in flight DMA was introduced to work around certain
devices / systems hanging hard upon hitting an IOMMU fault. Passing
through (such) devices (on such systems) i
> >> Beulich
> >> Sent: 13 December 2019 12:53
> >> To: xen-devel@lists.xenproject.org
> >> Cc: Juergen Gross ; Kevin Tian ;
> >> Stefano Stabellini ; Julien Grall
> >> ; Wei Liu ; Konrad Wilk
> >> ; George Dunlap ;
> >> A
; Julien Grall
>> ; Wei Liu ; Konrad Wilk
>> ; George Dunlap ;
>> Andrew Cooper ; Paul Durrant ;
>> Ian Jackson ; Roger Pau Monné
>>
>> Subject: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined
>> devices optional
>>
>> Containing
On 13.12.2019 14:11, Jürgen Groß wrote:
> On 13.12.19 13:53, Jan Beulich wrote:
>> Containing still in flight DMA was introduced to work around certain
>> devices / systems hanging hard upon hitting an IOMMU fault. Passing
>> through (such) devices (on such systems) is inherently insecure (as
>> gu
On 13.12.19 13:53, Jan Beulich wrote:
Containing still in flight DMA was introduced to work around certain
devices / systems hanging hard upon hitting an IOMMU fault. Passing
through (such) devices (on such systems) is inherently insecure (as
guests could easily arrange for IOMMU faults to occur)
Cooper ; Paul Durrant ;
> Ian Jackson ; Roger Pau Monné
>
> Subject: [Xen-devel] [PATCH v2] IOMMU: make DMA containment of quarantined
> devices optional
>
> Containing still in flight DMA was introduced to work around certain
> devices / systems hanging hard upon hitting a
Containing still in flight DMA was introduced to work around certain
devices / systems hanging hard upon hitting an IOMMU fault. Passing
through (such) devices (on such systems) is inherently insecure (as
guests could easily arrange for IOMMU faults to occur). Defaulting to
a mode where admins may
25 matches
Mail list logo
