[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Move some of the PCI device manage/control into pciback?



[Shohei Fujiwara]
> On Fri, 16 Jan 2009 11:26:10 +0800
> "Jiang, Yunhong" <yunhong.jiang@xxxxxxxxx> wrote:

>> Shohei, I think this model may have some issue. 
>> a) The stubdomain/qemu is not trustable, so user may use a fake stub
>>  domain and try to programe some sensitive config space (like MSI).

> My idea is to call XEN_DOMCTL_iomem_permission from domain 0.  So my
> idea doesn't open a new hole.

> In addition to this, interrupt remapping of VT-d can block invalid
> MSI.

Except, the MSI entry must be programmed to deliver interrupts in a
special remappable format.  The stub domain can not be allowed to
write arbitrary contents into the MSI entry.

        eSk


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.