xen-devel

[Top] [All Lists]

Re: [Xen-devel] possible pciback security issue

from [Jan Beulich]

[Permanent Link][Original]

To:	"Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>
Subject:	Re: [Xen-devel] possible pciback security issue
From:	"Jan Beulich" <jbeulich@xxxxxxxxxx>
Date:	Thu, 04 May 2006 16:08:26 +0200
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Thu, 04 May 2006 07:07:41 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<0331731c2398612565af27030b0638f9@xxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<445A165E.76E4.0078.0@xxxxxxxxxx> <0331731c2398612565af27030b0638f9@xxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

>>> Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> 04.05.06 15:06 >>>
>
>On 4 May 2006, at 13:57, Jan Beulich wrote:
>
>> Having looked more closely into what would be needed to enable MSI 
>> support I stumbled across a simple question: If a
>> domU is granted access to an MSI-capable device, it could maliciously 
>> or erroneously enable MSI on that device and
>> program an arbitrary vector to be delivered, or even force the message 
>> address and/or value to something that might make
>> the system misbehave/crash.
>> It would seem to me that filtering only a few header fields is 
>> insufficient from a security point of view, not only
>> from the perspective of MSI. While this may severely limit 
>> functionality, I think by default only read access must be
>> granted to any fields/bits of unknown meaning (namely everything 
>> outside the header).
>
>That *is* the default.

Oh, sorry, I missed the permissive flag.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] possible pciback security issue, Jan Beulich Re: [Xen-devel] possible pciback security issue, Keir Fraser Re: [Xen-devel] possible pciback security issue, Jan Beulich <= Re: [Xen-devel] possible pciback security issue, Keir Fraser Re: [Xen-devel] possible pciback security issue, Ryan

Previous by Date:	[Xen-devel] Re: Re-using the x86_emulate_memop() to perform MMIO for HVM., Keir Fraser
Next by Date:	Re: [Xen-devel] possible pciback security issue, Keir Fraser
Previous by Thread:	Re: [Xen-devel] possible pciback security issue, Keir Fraser
Next by Thread:	Re: [Xen-devel] possible pciback security issue, Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]