Re: Wrt golden MMIO/CFG snaphot in GVT-g

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Joonas Lahtinen [mailto:joonas.lahtinen@xxxxxxxxxxxxxxx]
> Sent: Friday, May 27, 2016 7:39 PM
> 
> On pe, 2016-05-27 at 10:09 +0000, Tian, Kevin wrote:
> > Curious why leaking BIOS configuration to VM is a security problem…
> > Can someone elaborate this view?
> >
> 
> Hi,
> 
> It is a potential vector in case we are blindly reading everything but
> blacklisted registers. Whitelisting would make it less so.
> 
> But bigger problem is that it is a one more variable to the VM
> boot/operation; one could make a server farm non-operational by
> changing BIOS settings from one machine whose tasks are migrated to
> other servers.

I don't think it's a real problem. In reality we'll allow migration between
machines with same generation/configuration, which is also the typical
case in data center/cloud vendors who usually provide one service with
a pool of same models.

> 
> I think both are rather big inconvenience compared to making one-time
> golden MMIO snapshot for strange SKUs.
> 

However there is no such golden MMIO definition in spec which works on all
SKUs. There are many states which might be sku specific. Using a golden
state different from underlying hardware would lead to unexpected issues
and difficult to debug.

Thanks
Kevin
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux