|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] possible pciback security issue
On Thu, 2006-05-04 at 15:13 +0100, Keir Fraser wrote: > As for the particular example of MSI -- I think pciback will set up > that field as part of device handoff when booting a driver domain. Then > it should not be necessary for the driver domain to touch the MSI PCI > config field at all. We should probably explicitly disable access to > that field, even when permissive mode is enabled. > > -- Keir Doing something like the attached patch should be sufficient to ensure that even in permissive mode, you can't turn on MSI (note that I quickly coded this patch as an example and haven't compiled/tested it yet; I believe it should do what we want, but I'm not really in a position to give it the testing that it deserves). I don't really like having to add fields to just block the handling in permissive mode (I feel as though this is creeping towards a default permit mentality), but I understand its usefulness for letting users get their devices working immediately if they're willing to accept the risk of less isolation. AFAICT, the rest of the MSI fields are meaningless unless the MSI enable bit is set so I believe that is all that needs to be protected. Ryan Attachment:
pciback-msi.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |