
Re: [PATCH v16 2/3] mem_sharing: allow forking domain with IOMMU enabled



On Wed, Apr 22, 2020 at 3:09 AM Roger Pau Monné <roger.pau@xxxxxxxxxx> wrote:
>
> On Tue, Apr 21, 2020 at 10:47:24AM -0700, Tamas K Lengyel wrote:
> > The memory sharing subsystem by default doesn't allow a domain to share memory
> > if it has an IOMMU active for obvious security reasons. However, when fuzzing a
> > VM fork, the same security restrictions don't necessarily apply. While it makes
> > no sense to try to create a full fork of a VM that has an IOMMU attached as only
> > one domain can own the pass-through device at a time, creating a shallow fork
> > without a device model is still very useful for fuzzing kernel-mode drivers.
> >
> > By allowing the parent VM to initialize the kernel-mode driver with a real
> > device that's pass-through, the driver can enter into a state more suitable for
> > fuzzing. Some of these initialization steps are quite complex and are easier to
> > perform when a real device is present. After the initialization, shallow forks
> > can be utilized for fuzzing code-segments in the device driver that don't
> > directly interact with the device.
> >
> > Signed-off-by: Tamas K Lengyel <tamas.lengyel@xxxxxxxxx>
>
> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Thanks! This can be merged independent of the other patches in the series.

Tamas



 

