[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] possible pciback security issue




On 4 May 2006, at 13:57, Jan Beulich wrote:

Having looked more closely into what would be needed to enable MSI support I stumbled across a simple question: If a domU is granted access to an MSI-capable device, it could maliciously or erroneously enable MSI on that device and program an arbitrary vector to be delivered, or even force the message address and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is insufficient from a security point of view, not only from the perspective of MSI. While this may severely limit functionality, I think by default only read access must be granted to any fields/bits of unknown meaning (namely everything outside the header).

That *is* the default.

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.