[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v4] xen-pciback: optionally allow interrupt enable flag writes
On Wed, Jan 15, 2020 at 05:32:32PM -0500, Boris Ostrovsky wrote: > > > On 1/15/20 11:48 AM, Roger Pau Monné wrote: > > On Wed, Jan 15, 2020 at 02:46:29AM +0100, Marek Marczykowski-Górecki wrote: > > > QEMU running in a stubdom needs to be able to set INTX_DISABLE, and the > > > MSI(-X) enable flags in the PCI config space. This adds an attribute > > > 'allow_interrupt_control' which when set for a PCI device allows writes > > > to this flag(s). The toolstack will need to set this for stubdoms. > > > When enabled, guest (stubdomain) will be allowed to set relevant enable > > > flags, but only one at a time - i.e. it refuses to enable more than one > > > of INTx, MSI, MSI-X at a time. > > > > > > This functionality is needed only for config space access done by device > > > model (stubdomain) serving a HVM with the actual PCI device. It is not > > > necessary and unsafe to enable direct access to those bits for PV domain > > > with the device attached. For PV domains, there are separate protocol > > > messages (XEN_PCI_OP_{enable,disable}_{msi,msix}) for this purpose. > > > Those ops in addition to setting enable bits, also configure MSI(-X) in > > > dom0 kernel - which is undesirable for PCI passthrough to HVM guests. > > > > > > This should not introduce any new security issues since a malicious > > > guest (or stubdom) can already generate MSIs through other ways, see > > > [1] page 8. Additionally, when qemu runs in dom0, it already have direct > > > access to those bits. > > > > > > This is the second iteration of this feature. First was proposed as a > > > direct Xen interface through a new hypercall, but ultimately it was > > > rejected by the maintainer, because of mixing pciback and hypercalls for > > > PCI config space access isn't a good design. Full discussion at [2]. > > > > > > [1]: > > > https://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf > > > [2]: https://xen.markmail.org/thread/smpgpws4umdzizze > > > > > > [part of the commit message and sysfs handling] > > > Signed-off-by: Simon Gaiser <simon@xxxxxxxxxxxxxxxxxxxxxx> > > > [the rest] > > > Signed-off-by: Marek Marczykowski-Górecki > > > <marmarek@xxxxxxxxxxxxxxxxxxxxxx> > > Some minor nits below, but LGTM: > > > > Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > > > > > > > diff --git a/Documentation/ABI/testing/sysfs-driver-pciback > > > b/Documentation/ABI/testing/sysfs-driver-pciback > > > index 6a733bfa37e6..566a11f2c12f 100644 > > > --- a/Documentation/ABI/testing/sysfs-driver-pciback > > > +++ b/Documentation/ABI/testing/sysfs-driver-pciback > > > @@ -11,3 +11,16 @@ Description: > > > #echo 00:19.0-E0:2:FF > > > > /sys/bus/pci/drivers/pciback/quirks > > > will allow the guest to read and write to the > > > configuration > > > register 0x0E. > > > + > > > +What: /sys/bus/pci/drivers/pciback/allow_interrupt_control > > > +Date: Jan 2020 > > > +KernelVersion: 5.5 > > 5.6 > > I can fix this and the things that Roger mentioned while committing if Marek > is OK with that. Yes, thanks! -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |