WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] possible pciback security issue

from [Keir Fraser] [Permanent Link][Original]
To: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] possible pciback security issue
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 4 May 2006 15:13:00 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 04 May 2006 07:13:11 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <445A26FA.76E4.0078.0@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <445A165E.76E4.0078.0@xxxxxxxxxx> <0331731c2398612565af27030b0638f9@xxxxxxxxxxxx> <445A26FA.76E4.0078.0@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 

On 4 May 2006, at 15:08, Jan Beulich wrote:


Having looked more closely into what would be needed to enable MSI
support I stumbled across a simple question: If a
domU is granted access to an MSI-capable device, it could maliciously
or erroneously enable MSI on that device and
program an arbitrary vector to be delivered, or even force the message 
address and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is
insufficient from a security point of view, not only
from the perspective of MSI. While this may severely limit
functionality, I think by default only read access must be
granted to any fields/bits of unknown meaning (namely everything
outside the header).


That *is* the default.


Oh, sorry, I missed the permissive flag.
Ryan's putting together a story on device-specific PCI config-space access filtering, to avoid needing to set the permissive flag for as many common devices as possible.
As for the particular example of MSI -- I think pciback will set up that field as part of device handoff when booting a driver domain. Then it should not be necessary for the driver domain to touch the MSI PCI config field at all. We should probably explicitly disable access to that field, even when permissive mode is enabled. 

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] possible pciback security issue, Jan Beulich
Next by Date:  Re: [Xen-devel] Questions about Domain switching overhead for Xen 3.0, Ryan Harper
Previous by Thread:  Re: [Xen-devel] possible pciback security issue, Jan Beulich
Next by Thread:  Re: [Xen-devel] possible pciback security issue, Ryan
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy