WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevic

Dong, Eddie writes ("RE: [Xen-devel] [PATCH][RFC] Support more Capability 
Structures andDevice Specific"):
> Per current data, pass through gets many known bugs fixed, as in the case
> Dexuan mentioned. But we didn't see HW damaging the host. Some known issues
> could be a device issuing tons of PCIe traffic, absorbing extra power,
> issuing interrupt storms etc, but right now we haven't seen issues yet.

Most people doing PCI passthrough appear to be under the impression
that the guest cannot escape and cannot damage the host.  (Even those
currently doing PCI passthrough with current production hardware
without an iommu!)

I think it is fine to have a passthrough option which doesn't properly
protect the host from the guest - this is a useful setup in many
situations.  But it should not be enabled by default, surely?

Note that this is a _security_ problem.  So `data' about `issues'
which you have `seen' is irrelevant.  Just because you haven't
actually observed any misbehaviour with non-malicious guests doesn't
mean that a malicious guest couldn't cause the hardware to melt.

Ian.
