Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3777269ybi; Fri, 5 Jul 2019 13:50:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqx29HRH5gqaSFHo4GdIUgdBKWOaWZthgbYenb78apG4zPw07T/6dEilJZwhVVzk7JB0jNnT X-Received: by 2002:a63:6fc9:: with SMTP id k192mr7467387pgc.20.1562359849517; Fri, 05 Jul 2019 13:50:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562359849; cv=none; d=google.com; s=arc-20160816; b=RR6AG0V6/CiFRCkupbbsMMD7pwhSP3WuY8mAIo3xHqsay6gizqb4JPcvuqnaaUpWj6 9IVB3VskO8jcgcQn0WxqrM6zuBfhbNm14q7Cj4V5xPhumQo2KN3T/h1hyeUYbU84DWEY f24pCILmyNtKB5tES+ZfgMDEs8NFUPZXZwsSDEx7ixj/ycE0ehGtYcfL+VOzCkzDWUh+ +rCPzDt+6wOX8s5pmII7uHhdrYosNs1VogK6sF5qqNVgFwiQCa0E/FH6SshS+nWJKNda m1/IWcsAq5vYERJMbgj7q2rLQqA5vYJoMfN0oxYbSA63RyNvbe5zV+0w8P/OusHVIp8Z 6EhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=DhIelk8kmwXi71pyBfRqWH0t2v9nJ6L+6y0uXZsU6K0=; b=UGiLugTAR0nB6ZKbn2njjrUOCn60l8hsv4lcoLWgod0BWoleleoNcRij3FkTqKnV7j zsq7mnXwzYazxSKSr4gDDMFohZwyCJa4HNrmkv+SIPE1DkgGaesHxjkKqZtL8deVwfR0 Njk5wYB/PQ+CnlH9jH83Fl+qDxA3dH+XkAejqMoZiSB7untdtZoh9+8nFbxKXf6rxY5L IOcuoVcoW5Dix1xcXD0KAA7qsnVBPpRWMLx41DwWVbJuEoZvwdPBmEBHNWofFC/84Ety Z7lFVIJfJAYe/WRw6cfZe9tkkcn2tnNIHFowMRr7qnaniI+LAUX+y5LqWT74NCeJyna1 8FjA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p3si9131070pjr.18.2019.07.05.13.50.34; Fri, 05 Jul 2019 13:50:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728174AbfGEUt7 (ORCPT + 99 others); Fri, 5 Jul 2019 16:49:59 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:39708 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725813AbfGEUt7 (ORCPT ); Fri, 5 Jul 2019 16:49:59 -0400 Received: by mail-wr1-f67.google.com with SMTP id x4so11062507wrt.6 for ; Fri, 05 Jul 2019 13:49:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=DhIelk8kmwXi71pyBfRqWH0t2v9nJ6L+6y0uXZsU6K0=; b=MQC1XBPJiOZRrcTuYMGejBDUmN1qRcs/AgSqce+wbYEU/HY+JiZOT8DsyGyDWXjEIf xA0PEbZUwcUqPnpHEqBsve9Tsl/7skpx64dzCYh3rCrhZ4Q7IQ26QSMLJDUm6CtfSzju efRH+KfUKTEIe2mpTBqvAU+GxmOqp8AgdMrc6MUAr0Y+bIUyyJeaY792+mkIlqOdpxms WBy2yESGxX2SsmGsAYrwYKNe+5PzmmdSMJTBFni/ZPm/r4hKlSzeLfRXFs7hcODWyKup 5Hg3LDdg0XPJQ+2UBKpDAr3rGQTKLMjt5YUPDEcLep2E2hw8ncpCFJxVg0SY2o7FUdsy 3CZg== X-Gm-Message-State: APjAAAUj8cM4FK83t/rZJ2CBhLaqY080lmZyc/N6iWWY3i53DclDEb1B yJ6xgy251IT8kqrpeQ3qPdUhPw== X-Received: by 2002:adf:82a8:: with SMTP id 37mr5438446wrc.332.1562359797276; Fri, 05 Jul 2019 13:49:57 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:19db:ad53:90ea:9423? ([2001:b07:6468:f312:19db:ad53:90ea:9423]) by smtp.gmail.com with ESMTPSA id w20sm25963355wra.96.2019.07.05.13.49.56 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Fri, 05 Jul 2019 13:49:56 -0700 (PDT) Subject: Re: [patch V2 04/25] x86/apic: Make apic_pending_intr_clear() more robust To: Thomas Gleixner , Andrew Cooper Cc: LKML , x86@kernel.org, Nadav Amit , Ricardo Neri , Stephane Eranian , Feng Tang , Andy Lutomirski , Alex Williamson References: <20190704155145.617706117@linutronix.de> <20190704155608.636478018@linutronix.de> <958a67c2-4dc0-52e6-43b2-1ebd25a59232@citrix.com> From: Paolo Bonzini Message-ID: <3e9c8e2b-db98-6796-5241-7405f8c57564@redhat.com> Date: Fri, 5 Jul 2019 22:49:55 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/07/19 22:25, Thomas Gleixner wrote: > In practice, this makes Linux vulnerable to CVE-2011-1898 / XSA-3, which > I'm disappointed to see wasn't shared with other software vendors at the > time. Oh, that brings back memories. At the time I was working on Xen, so I remember that CVE. IIRC there was some mitigation but the fix was basically to print a very scary error message if you used VT-d without interrupt remapping. Maybe force the user to add something on the Xen command line too? > The more interesting question is whether this is all relevant. If I > understood the issue correctly then this is mitigated by proper interrupt > remapping. Yes, and for Linux we're good I think. VFIO by default refuses to use the IOMMU if interrupt remapping is absent or disabled, and KVM's own (pre-VFIO) IOMMU support was removed a couple years ago. I guess the secure boot lockdown patches should outlaw VFIO's allow_unsafe_interrupts option, but that's it. > Is there any serious usage of virtualization w/o interrupt remapping left > or have the machines which are not capable been retired already? I think they were already starting to disappear in 2011, as I don't remember much worry about customers that were using systems without it. Paolo