
RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures and Device Specific



Ian Jackson wrote:
> Dong, Eddie writes ("RE: [Xen-devel] [PATCH][RFC] Support more
> Capability Structures and Device Specific"):
>> Alan Cox wrote:
>>> In the general case there are also some really nasty
>>> dirty attacks you can't stop with an IOMMU one of which
>>> is to reflash the BIOS of the graphics card to which you
>>> were given unrestricted access so that you compromise
>>> the entire system next boot. These attacks appear well
>>> understood except by IOMMU marketing people ;)
>> 
>> Same with above, this is already protected by IOMMU,
>> peer to peer DMA is not supported right now.
> 
> You have evidently completely misunderstood Alan's point.
> 
> I was going to explain it again but I'm not sure I know how to say it
> more clearly.  Alan's scenario doesn't involve any peer to peer DMA.
> 
> Ian.
> 
OK, if it means guest direct MMIO to flash the BIOS, then yes. But it is not
related to our discussion, i.e. no matter whether we pass through CFGS
registers or not, it may happen.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
