This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] possible pciback security issue

On Thu, 2006-05-04 at 15:13 +0100, Keir Fraser wrote:
> As for the particular example of MSI -- I think pciback will set up 
> that field as part of device handoff when booting a driver domain. Then 
> it should not be necessary for the driver domain to touch the MSI PCI 
> config field at all. We should probably explicitly disable access to 
> that field, even when permissive mode is enabled.
>   -- Keir

Doing something like the attached patch should be sufficient to ensure
that even in permissive mode, you can't turn on MSI (note that I quickly
coded this patch as an example and haven't compiled/tested it yet; I
believe it should do what we want, but I'm not really in a position to
give it the testing that it deserves). I don't really like having to add
fields to just block the handling in permissive mode (I feel as though
this is creeping towards a default permit mentality), but I understand
its usefulness for letting users get their devices working immediately
if they're willing to accept the risk of less isolation.

AFAICT, the rest of the MSI fields are meaningless unless the MSI enable
bit is set so I believe that is all that needs to be protected.


Attachment: pciback-msi.patch
Description: Text Data

Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>