From mboxrd@z Thu Jan  1 00:00:00 1970
From: Wei Liu <wei.liu2@citrix.com>
Subject: Re: Requesting for freeze exception for VT-d
	posted-interrupts
Date: Tue, 14 Jul 2015 16:02:58 +0100
Message-ID: <20150714150258.GO4152@zion.uk.xensource.com>
References: <E959C4978C3B6342920538CF579893F002608531@SHSMSX104.ccr.corp.intel.com>
	<20150713110041.GD4108@zion.uk.xensource.com>
	<E959C4978C3B6342920538CF579893F00260D563@SHSMSX104.ccr.corp.intel.com>
	<20150714092158.GB4152@zion.uk.xensource.com>
	<55A4FBEB020000780009090C@mail.emea.novell.com>
	<20150714141740.GJ4152@zion.uk.xensource.com>
	<55A53CF60200007800090D1C@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <55A53CF60200007800090D1C@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Kevin Tian <kevin.tian@intel.com>, Wei Liu <wei.liu2@citrix.com>, George Dunlap <george.dunlap@eu.citrix.com>, "andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>, Yong Y Wang <yong.y.wang@intel.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Yang Z Zhang <yang.z.zhang@intel.com>, Feng Wu <feng.wu@intel.com>
List-Id: xen-devel@lists.xenproject.org

On Tue, Jul 14, 2015 at 03:46:46PM +0100, Jan Beulich wrote:
> >>> On 14.07.15 at 16:17, <wei.liu2@citrix.com> wrote:
> > On Tue, Jul 14, 2015 at 11:09:15AM +0100, Jan Beulich wrote:
> >> >>> On 14.07.15 at 11:21, <wei.liu2@citrix.com> wrote:
> >> > On Tue, Jul 14, 2015 at 05:51:02AM +0000, Wu, Feng wrote:
> >> >> Is it possible to get to 4.6 if making this feature default off?
> >> > 
> >> > Note that I'm not the only one who makes the decision and I can't speak
> >> > for maintainers. The first thing you ought to do is to convince
> >> > maintainers, not me.
> >> > 
> >> > If you ask for my opinion -- I don't see a point in releasing feature
> >> > with security flaw in design, even if it is off by default. 
> >> 
> >> It was actually me who suggested that by flagging this experimental
> >> and defaulting it to off, chances would increase for this to be allowed
> >> in without said issue fixed.
> > 
> > Are you satisfied with that?  Currently I only know from this email
> > there is concern with regard to security but I don't know what it is and
> > how big an impact it can possibly have.
> > 
> > I could maybe go dig up that series and try to understand what is the
> > security implication, but it would take a long time and I'm not sure I
> > have the right technical background to make the call.
> 
> The thing is that the way vCPU-s are being put on lists attached to
> pCPU-s, in a pathological case (which can be "helped" by a malicious
> tool stack) all vCPU-s could pile up on one such list. List traversal (in
> an interrupt handler) could then take (almost) arbitrarily long.

You mentioned "malicious toolstack", does that mean this feature, if on,
doesn't expose new attack vector to malicious guest?

And what do you mean by "malicious toolstack"? I don't see patches
related to toolstack.

> 
> Otoh one wouldn't expect lists to grow too large on well behaved,
> properly operating systems. And hence for the sake of experimenting
> with the feature or even using it in known well behaved production
> environments it would seem reasonable to allow the feature to be
> there.
> 

Right.

Wei.

> Jan