WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] possible pciback security issue

from [Ryan] [Permanent Link][Original]
To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] possible pciback security issue
From: Ryan <hap9@xxxxxxxxxxxxxx>
Date: Thu, 04 May 2006 11:09:40 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxxxx>
Delivery-date: Thu, 04 May 2006 08:10:11 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <81b7846467867b60e73c3b1153a33dcd@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <445A165E.76E4.0078.0@xxxxxxxxxx> <0331731c2398612565af27030b0638f9@xxxxxxxxxxxx> <445A26FA.76E4.0078.0@xxxxxxxxxx> <81b7846467867b60e73c3b1153a33dcd@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Thu, 2006-05-04 at 15:13 +0100, Keir Fraser wrote:
> As for the particular example of MSI -- I think pciback will set up 
> that field as part of device handoff when booting a driver domain. Then 
> it should not be necessary for the driver domain to touch the MSI PCI 
> config field at all. We should probably explicitly disable access to 
> that field, even when permissive mode is enabled.
> 
>   -- Keir

Doing something like the attached patch should be sufficient to ensure
that even in permissive mode, you can't turn on MSI (note that I quickly
coded this patch as an example and haven't compiled/tested it yet; I
believe it should do what we want, but I'm not really in a position to
give it the testing that it deserves). I don't really like having to add
fields to just block the handling in permissive mode (I feel as though
this is creeping towards a default permit mentality), but I understand
its usefulness for letting users get their devices working immediately
if they're willing to accept the risk of less isolation.

AFAICT, the rest of the MSI fields are meaningless unless the MSI enable
bit is set so I believe that is all that needs to be protected.

Ryan

Attachment: pciback-msi.patch
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Using arch/x86_64/pci-dma in x86_64 Xen, Langsdorf, Mark
Next by Date:  Re: [Xen-devel] Problems booting VM using unified Xen kernel (x86_64), David F. Barrera
Previous by Thread:  Re: [Xen-devel] possible pciback security issue, Keir Fraser
Next by Thread:  [Xen-devel] RE: Re-using the x86_emulate_memop() to perform MMIO for HVM., Petersson, Mats
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy