This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] possible pciback security issue

To: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] possible pciback security issue
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 4 May 2006 14:06:14 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 04 May 2006 06:06:28 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <445A165E.76E4.0078.0@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <445A165E.76E4.0078.0@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 4 May 2006, at 13:57, Jan Beulich wrote:

Having looked more closely into what would be needed to enable MSI support I stumbled across a simple question: If a domU is granted access to an MSI-capable device, it could maliciously or erroneously enable MSI on that device and program an arbitrary vector to be delivered, or even force the message address and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is insufficient from a security point of view, not only from the perspective of MSI. While this may severely limit functionality, I think by default only read access must be granted to any fields/bits of unknown meaning (namely everything outside the header).

That *is* the default.

 -- Keir

Xen-devel mailing list