
Xen hypervisor: What does the acronym RMRR mean in "(XEN) [VT-D] It's risky to assign" ... "with shared RMRR at"? What are the risks?


I'm running Qubes-OS 4.1.0. While looking through the /var/log/xen/console/hypervisor.log I stumbled over the following messages:

```
...
(XEN) [VT-D] It's risky to assign 0000:00:14.0 with shared RMRR at c9f42000 for Dom40.
(XEN) [VT-D] It's risky to assign 0000:00:1d.0 with shared RMRR at c9f42000 for Dom40.
```

In my case those PCI devices in question are USB controllers. They are handled by a VM called sys-usb in order to protect the bare metal carrier system from the risks of any malicious USB device being plugged in.

My questions are: What is the meaning of the acronym RMRR in this context? And what are the risks involved with this so-called "shared RMRR"?

"Reserved Memory Region Reporting". https://groups.google.com/g/qubes-users/c/gS1XTal8XYs/m/6ACnyN7WCAAJ is probably relevant, even though old and the settings are a bit different. (I think it basically comes down to Xen warning as soon as you start assigning devices that are grouped in a single RMRR, because you could assign them in some impossible way that will break things)
Hi Håkan, thank you for this hint and link. I will now try to learn about this "Reserved Memory Region Reporting". However, I fear I have to live with the risks involved anyway because I use a USB keyboard, since this machine is lacking the good old PS2 keyboard socket from the past. :-)
No problem, I feel that I don't know the details enough myself to write a proper answer. But to my knowledge, if you are assigning all those devices to the same domain, that is a non-issue.
In my case I have three USB host controllers. One of these three controllers is assigned to my administrative domain dom0 because the keyboard is connected to this controller. The other two USB host controllers are assigned to the aforementioned less privileged special domain `sys-usb`. This domain is considered less trustworthy in Qubes-OS because a malicious USB device might sometime somehow intrude and conquer this particular domain. More info: https://www.cvedetails.com/cve/CVE-2021-28702/ and ...
... continued: http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/vt-directed-io-spec.pdf This nearly 300 page document contains a section 8.4 explaining the term Reserved Memory Region Reporting and the data structure used.
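
Added example, not part of the original thread: following the comments' point that devices sharing an RMRR are a non-issue when they all go to the same domain, this script parses the warning format quoted in the question and reports any RMRR whose devices ended up in different domains. The function names, the `cafe0000` address and the last four sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Message format copied from the log excerpt in the question.
RMRR_WARNING = re.compile(
    r"\(XEN\) \[VT-D\] It's risky to assign "
    r"(?P<bdf>[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]) "
    r"with shared RMRR at (?P<rmrr>[0-9a-f]+) for (?P<dom>Dom\d+)"
)

def latest_assignments(lines):
    """Return {pci_device: (rmrr_base, domain)} from the most recent warning per device."""
    # Xen gives a VM a new domain ID every time it starts, so earlier lines
    # for the same device are stale and must not be counted as a second domain.
    latest = {}
    for line in lines:
        m = RMRR_WARNING.search(line)
        if m:
            latest[m["bdf"]] = (m["rmrr"], m["dom"])
    return latest

def domains_per_rmrr(latest):
    """Group devices as {rmrr_base: {domain: [pci_device, ...]}}."""
    regions = defaultdict(lambda: defaultdict(list))
    for bdf, (rmrr, dom) in sorted(latest.items()):
        regions[rmrr][dom].append(bdf)
    return {rmrr: dict(doms) for rmrr, doms in regions.items()}

def split_regions(regions):
    """RMRR bases whose devices are currently assigned to more than one domain."""
    return sorted(r for r, doms in regions.items() if len(doms) > 1)

# Constructed sample: lines 1-2 are from the question; lines 3-4 imitate the
# same VM restarting under a new domain ID; lines 5-6 are a made-up second
# RMRR whose two devices go to different domains.
SAMPLE = """\
(XEN) [VT-D] It's risky to assign 0000:00:14.0 with shared RMRR at c9f42000 for Dom40.
(XEN) [VT-D] It's risky to assign 0000:00:1d.0 with shared RMRR at c9f42000 for Dom40.
(XEN) [VT-D] It's risky to assign 0000:00:14.0 with shared RMRR at c9f42000 for Dom41.
(XEN) [VT-D] It's risky to assign 0000:00:1d.0 with shared RMRR at c9f42000 for Dom41.
(XEN) [VT-D] It's risky to assign 0000:00:1a.0 with shared RMRR at cafe0000 for Dom41.
(XEN) [VT-D] It's risky to assign 0000:00:1b.0 with shared RMRR at cafe0000 for Dom42.
""".splitlines()

if __name__ == "__main__":
    regions = domains_per_rmrr(latest_assignments(SAMPLE))
    for rmrr, doms in regions.items():
        print(f"RMRR {rmrr}: {doms}")
    print("split across domains:", split_regions(regions) or "none")
```

The script only sees devices that appear in these warnings, so a device that was never passed through to a VM is not counted.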