|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] possible pciback security issue
>>> Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> 04.05.06 15:06 >>>
>
>On 4 May 2006, at 13:57, Jan Beulich wrote:
>
>> Having looked more closely into what would be needed to enable MSI
>> support I stumbled across a simple question: If a
>> domU is granted access to an MSI-capable device, it could maliciously
>> or erroneously enable MSI on that device and
>> program an arbitrary vector to be delivered, or even force the message
>> address and/or value to something that might make
>> the system misbehave/crash.
>> It would seem to me that filtering only a few header fields is
>> insufficient from a security point of view, not only
>> from the perspective of MSI. While this may severely limit
>> functionality, I think by default only read access must be
>> granted to any fields/bits of unknown meaning (namely everything
>> outside the header).
>
>That *is* the default.
Oh, sorry, I missed the permissive flag.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|