
Re: [Xen-devel] [PATCH] x86: protect MSI-X table and pending bit array from guest writes



On Mon, Sep 20, 2010 at 02:23:51PM +0100, Jan Beulich wrote:
> These structures are used by Xen, and hence guests must not be able
> to fiddle with them.
> 
> qemu-dm currently plays with the MSI-X table, requiring Dom0 to
> still have write access. This is broken (explicitly allowing the guest
> write access to the mask bit) and should be fixed in qemu-dm, at which
> time Dom0 won't need any special casing anymore.
> 
> The changes are made under the assumption that p2m_mmio_direct will
> only ever be used for order 0 pages.
> 
> An open question is whether dealing with pv guests (including the
> IOMMU-less case) is necessary, as handling mappings a domain may
> already have in place at the time the first interrupt gets set up
> would require scanning all of the guest's L1 page table pages.

When the PCI passthrough is utilized for PV guests we utilize
the xc_domain_iomem_permission, xc_domain_ioport_permission, and
xc_physdev_map_pirq before we even start the guest.
With your patch, will the MFN regions that are specified by the
iomem_permission still be visible to the PV domain?

I think the answer is yes, and I think the MSI-X regions are
not of any importance to the PV guests as Dom0 is the one setting up
the MSI-X entries and passing on the vector value to the PV guest.

But I just want to be sure about this.

> Currently a hole still remains allowing PV guests to map these ranges
> before actually setting up any MSI-X vector for a device.
