 Home |
Products |
Support |
Community |
News |
xen-devel
Re: [Xen-devel] possible pciback security issue
| To: | "Jan Beulich" <jbeulich@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] possible pciback security issue |
| From: | Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> |
| Date: | Thu, 4 May 2006 14:06:14 +0100 |
| Cc: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Delivery-date: | Thu, 04 May 2006 06:06:28 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| In-reply-to: | <445A165E.76E4.0078.0@xxxxxxxxxx> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| References: | <445A165E.76E4.0078.0@xxxxxxxxxx> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
On 4 May 2006, at 13:57, Jan Beulich wrote: Having looked more closely into what would be needed to enable MSI support I stumbled across a simple question: If a domU is granted access to an MSI-capable device, it could maliciously or erroneously enable MSI on that device and program an arbitrary vector to be delivered, or even force the message address and/or value to something that might makethe system misbehave/crash.It would seem to me that filtering only a few header fields is insufficient from a security point of view, not only from the perspective of MSI. While this may severely limit functionality, I think by default only read access must be granted to any fields/bits of unknown meaning (namely everything outside the header). That *is* the default. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-devel] possible pciback security issue, Jan Beulich |
|---|---|
| Next by Date: | Re: [Xen-devel] xm-test results, Ewan Mellor |
| Previous by Thread: | [Xen-devel] possible pciback security issue, Jan Beulich |
| Next by Thread: | Re: [Xen-devel] possible pciback security issue, Jan Beulich |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
