Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>>> On 15.09.15 at 03:17, wrote: >> > But looks its not better, so any idea? >> >> Did you at least make an attempt to find other examples of where >> we dynamically determine the log level to be used for a message? >> I would assume that if you did, you'd have come to >>

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

On Tue, Sep 15, 2015 at 09:17:07AM +0800, Chen, Tiejun wrote: > >>But looks its not better, so any idea? > > > >Did you at least make an attempt to find other examples of where > >we dynamically determine the log level to be used for a message? > >I would assume that if you did, you'd have come to

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>>> On 14.09.15 at 08:24, wrote: >> OK, that explanation is fine to me as long as it's made clear no >> security guarantee once admin uses 'relax' for any domain. Tiejun >> could you resend patch with right warning/error type? >> > > Sure, but a little bit makes me

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

But looks its not better, so any idea? Did you at least make an attempt to find other examples of where we dynamically determine the log level to be used for a message? I would assume that if you did, you'd have come to printk(XENLOG_GUEST "%s" VTDPREFIX I didn't know this tip

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Chen, Tiejun > Sent: Monday, September 14, 2015 2:25 PM > > > OK, that explanation is fine to me as long as it's made clear no > > security guarantee once admin uses 'relax' for any domain. Tiejun > > could you resend patch with right warning/error type? > > > > Sure, but a little bit

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Chen, Tiejun > Sent: Wednesday, September 09, 2015 10:00 AM > > Currently we don't allow passing through any group devices which are > sharing same RMRR entry since it would break security among VMs. And > indeed, we expect we can figure out a better way to handle this kind > of case

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

OK, that explanation is fine to me as long as it's made clear no security guarantee once admin uses 'relax' for any domain. Tiejun could you resend patch with right warning/error type? Sure, but a little bit makes me confused when I'm trying to address this. Actually most messages are same,

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

On Mon, Sep 14, 2015 at 06:59:56AM +, Tian, Kevin wrote: > > From: Chen, Tiejun > > Sent: Wednesday, September 09, 2015 10:00 AM > > > > Currently we don't allow passing through any group devices which are > > sharing same RMRR entry since it would break security among VMs. And > > indeed, we

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>>> On 11.09.15 at 01:22, wrote: > Sorry it's a bad example. My actual concern is that we can't count > on this per-VM relax/strict policy to prevent group devices assigned > to different VM. In that case it's definitely a security hole since > one VM may clobber shared RMRR

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Jan Beulich [mailto:jbeul...@suse.com] > Sent: Friday, September 11, 2015 4:56 PM > > >>> On 11.09.15 at 01:22, wrote: > > Sorry it's a bad example. My actual concern is that we can't count > > on this per-VM relax/strict policy to prevent group devices assigned > >

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

On Thu, Sep 10, 2015 at 02:09:39AM -0600, Jan Beulich wrote: > >>> On 10.09.15 at 07:23, wrote: > >> From: Jan Beulich [mailto:jbeul...@suse.com] > >> Sent: Wednesday, September 09, 2015 2:55 PM > >> > >> >>> On 09.09.15 at 03:59, wrote: > >> > @@

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>>> On 10.09.15 at 07:23, wrote: >> From: Jan Beulich [mailto:jbeul...@suse.com] >> Sent: Wednesday, September 09, 2015 2:55 PM >> >> >>> On 09.09.15 at 03:59, wrote: >> > @@ -2310,12 +2312,16 @@ static int intel_iommu_assign_device( >> >

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

Den 10. sep. 2015 08:06, skrev Tian, Kevin: >> From: Chen, Tiejun >> Sent: Thursday, September 10, 2015 1:47 PM >> >> But recently someone was encountering this problem. >> >> http://www.gossamer-threads.com/lists/xen/devel/391684?page=last >> >> We'd better figure out a simple way to this

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

Den 10. sep. 2015 13:04, skrev Håkon Alstadheim: > Den 10. sep. 2015 08:06, skrev Tian, Kevin: >>> From: Chen, Tiejun >>> Sent: Thursday, September 10, 2015 1:47 PM >>> >>> But recently someone was encountering this problem. >>> >>> http://www.gossamer-threads.com/lists/xen/devel/391684?page=last

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Chen, Tiejun > Sent: Friday, September 11, 2015 8:56 AM > > >> > > Need to have separate warning/error level for relax/strict. > >> > > > >> > > However I don't think this patch is a right fix. So far relax/strict > >> > > policy > >> > > is per-domain. what about one VM specifies relax

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> > Need to have separate warning/error level for relax/strict. > > > > However I don't think this patch is a right fix. So far relax/strict policy > > is per-domain. what about one VM specifies relax while another VM > > specifies strict when each is assigned with a device sharing rmrr > > with

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Wei Liu [mailto:wei.l...@citrix.com] > Sent: Thursday, September 10, 2015 6:37 PM > > On Thu, Sep 10, 2015 at 02:09:39AM -0600, Jan Beulich wrote: > > >>> On 10.09.15 at 07:23, wrote: > > >> From: Jan Beulich [mailto:jbeul...@suse.com] > > >> Sent: Wednesday,

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Chen, Tiejun > Sent: Friday, September 11, 2015 10:21 AM > > >> >> > > However I don't think this patch is a right fix. So far > >> >> > > relax/strict policy > >> >> > > is per-domain. what about one VM specifies relax while another VM > >> >> > > specifies strict when each is assigned

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>> > > However I don't think this patch is a right fix. So far relax/strict policy >> > > is per-domain. what about one VM specifies relax while another VM >> > > specifies strict when each is assigned with a device sharing rmrr >> > > with the other? In that case it becomes a system-wide

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Chen, Tiejun > Sent: Thursday, September 10, 2015 1:47 PM > > > Need to have separate warning/error level for relax/strict. > > > > However I don't think this patch is a right fix. So far relax/strict policy > > is per-domain. what about one VM specifies relax while another VM > >

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

>>> On 09.09.15 at 03:59, wrote: > @@ -2310,12 +2312,16 @@ static int intel_iommu_assign_device( > PCI_DEVFN2(bdf) == devfn && > rmrr->scope.devices_cnt > 1 ) > { > -printk(XENLOG_G_ERR VTDPREFIX > - "

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

On 9/9/2015 2:54 PM, Jan Beulich wrote: On 09.09.15 at 03:59, wrote: @@ -2310,12 +2312,16 @@ static int intel_iommu_assign_device( PCI_DEVFN2(bdf) == devfn && rmrr->scope.devices_cnt > 1 ) { -printk(XENLOG_G_ERR VTDPREFIX

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

> From: Jan Beulich [mailto:jbeul...@suse.com] > Sent: Wednesday, September 09, 2015 2:55 PM > > >>> On 09.09.15 at 03:59, wrote: > > @@ -2310,12 +2312,16 @@ static int intel_iommu_assign_device( > > PCI_DEVFN2(bdf) == devfn && > >

Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

Need to have separate warning/error level for relax/strict. However I don't think this patch is a right fix. So far relax/strict policy is per-domain. what about one VM specifies relax while another VM specifies strict when each is assigned with a device sharing rmrr with the other? In that case

[Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode

Currently we don't allow passing through any group devices which are sharing same RMRR entry since it would break security among VMs. And indeed, we expect we can figure out a better way to handle this kind of case completely. But before the group assignment gets implemented, we might make this