|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] [PATCH] tools/ioemu: Fixing Security Hole in Qemu MSIX t
Haitao Shan writes ("[Xen-devel] [PATCH] tools/ioemu: Fixing Security Hole in
Qemu MSIX table access management"):
> As reported by Jan, current Qemu does not handle MSIX table mapping properly.
>
> Details:
>
> MSI-X table resides in one of the physical BARs. When Qemu handles
> guest's changes to BAR register (within which, MSI-X table resides),
> Qemu first allows access of the whole BAR MMIO ranges and then removes
> those of MSI-X. There is a small window here. It is possible that on a
> SMP guests one vcpu could have access to the physical MSI-X
> configurations when another vcpu is writing BAR registers.
>
> The patch fixes this issue by first producing the valid MMIO ranges by
> removing MSI-X table's range from the whole BAR mmio range and later
> passing these ranges to Xen.
I'm afraid it wasn't clear to me what the consensus was on the status
of the attached patch, and I'm not very familiar with the code.
Also, if this is a security problem we should really issue an advisory...
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Xen-devel] [PATCH] tools/ioemu: Fixing Security Hole in Qemu MSIX table access management,
Ian Jackson <=
|
|
|
|
|