On 05/07/2019 21:49, Paolo Bonzini wrote: > On 05/07/19 22:25, Thomas Gleixner wrote: >> In practice, this makes Linux vulnerable to CVE-2011-1898 / XSA-3, which >> I'm disappointed to see wasn't shared with other software vendors at the >> time. > Oh, that brings back memories. At the time I was working on Xen, so I > remember that CVE. IIRC there was some mitigation but the fix was > basically to print a very scary error message if you used VT-d without > interrupt remapping. Maybe force the user to add something on the Xen > command line too?
It was before my time. I have no public comment on how the other aspects of it were handled. >> Is there any serious usage of virtualization w/o interrupt remapping left >> or have the machines which are not capable been retired already? > I think they were already starting to disappear in 2011, as I don't > remember much worry about customers that were using systems without it. ISTR Nehalem/Westmere era systems were the first to support interrupt remapping, but were totally crippled with errata to the point of needing to turn a prerequisite feature (Queued Invalidation) off. I believe later systems have it working to a first approximation. As to the original question, whether people should be using such systems is a different question to whether they actually are. ~Andrew