Re: [Xen-devel] [v2][PATCH] xen/vtd/iommu: permit group devices to passthrough in relaxed mode
> From: Chen, Tiejun
> Sent: Friday, September 11, 2015 8:56 AM
>
> >> > > Need to have separate warning/error level for relax/strict.
> >> > >
> >> > > However I don't think this patch is a right fix. So far relax/strict
> >> > > policy
> >> > > is per-domain. what about one VM specifies relax while another VM
> >> > > specifies strict when each is assigned with a device sharing rmrr
> >> > > with the other? In that case it becomes a system-wide security hole.
> >> >
> >> > The one specifying "strict" won't gets its device assigned (due to
> >> > the code above, taking the path that was there already without
> >> > the patch), so I don't see the security issue.
> >> >
> >>
> >> Agreed. A VM can't get such device assigned in the first place, so the
> >> hypothetical scenario doesn't exist.
> >>
> >
> > Sorry it's a bad example. My actual concern is that we can't count
> > on this per-VM relax/strict policy to prevent group devices assigned
> > to different VM. In that case it's definitely a security hole since
> > one VM may clobber shared RMRR to impact another VM. So right
> > example for that scenario is both VMs specified with 'relax'.
>
> What if one of group devices is still owned by Dom0?
>

It's also risky since other VM may attack Dom0 in such scenario.

Thanks
Kevin