
Re: [PATCH v5 14/14] vpci: add TODO for the registers not explicitly handled


  • To: Oleksandr Andrushchenko <andr2000@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 25 Nov 2021 12:17:32 +0100
  • Cc: julien@xxxxxxx, sstabellini@xxxxxxxxxx, oleksandr_tyshchenko@xxxxxxxx, volodymyr_babchuk@xxxxxxxx, Artem_Mygaiev@xxxxxxxx, roger.pau@xxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, george.dunlap@xxxxxxxxxx, paul@xxxxxxx, bertrand.marquis@xxxxxxx, rahul.singh@xxxxxxx, Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 25 Nov 2021 11:17:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25.11.2021 12:02, Oleksandr Andrushchenko wrote:
> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
> 
> For unprivileged guests vpci_{read|write} need to be re-worked
> to not passthrough accesses to the registers not explicitly handled
> by the corresponding vPCI handlers: without fixing that, passthrough
> to guests is completely unsafe as Xen allows them full access to
> the registers.
> 
> Xen needs to be sure that every register a guest accesses is not
> going to cause the system to malfunction, so Xen needs to keep a
> list of the registers it is safe for a guest to access.
> 
> For example, we should only expose the PCI capabilities that we know
> are safe for a guest to use, i.e.: MSI and MSI-X initially.
> The rest of the capabilities should be blocked from guest access,
> unless we audit them and declare them safe for a guest to access.
> 
> As a reference we might want to look at the approach currently used
> by QEMU in order to do PCI passthrough. A very limited set of PCI
> capabilities known to be safe for untrusted access are exposed to the
> guest and registers need to be explicitly handled or else access is
> rejected. Xen needs a fairly similar model in vPCI or else none of
> this will be safe for unprivileged access.
> 
> Add the corresponding TODO comment to highlight there is a problem that
> needs to be fixed.
> 
> Suggested-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>

Looks okay to me in principle, but imo needs to come earlier in the
series, before things actually get exposed to DomU-s.

Jan
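
The allowlist model described in the quoted commit message, as an added example (not code from the patch, from Xen or from QEMU): a guest read filter that exposes only the MSI and MSI-X capabilities and re-links the capability chain around everything else. The function names, the 0xff value returned for unhandled registers, and the choice to model only the vendor/device ID and each capability's ID and next-pointer bytes are assumptions of this sketch.

```c
#include <stdint.h>
#include <string.h>

#define PCI_STATUS          0x06
#define PCI_STATUS_CAP_LIST 0x10
#define PCI_CAPABILITY_LIST 0x34
#define CAP_WALK_TTL        48   /* bounds the walk if the chain loops */

/* First allowlisted capability (MSI 0x05, MSI-X 0x11) at or after pos; 0 if none. */
static uint8_t next_allowed_cap(const uint8_t *cfg, uint8_t pos)
{
    for (int ttl = CAP_WALK_TTL; ttl-- > 0; pos = cfg[pos + 1]) {
        pos &= 0xfc;                 /* low two bits are reserved */
        if (pos < 0x40)              /* outside capability space: end of chain */
            return 0;
        if (cfg[pos] == 0x05 || cfg[pos] == 0x11)
            return pos;
    }
    return 0;
}

/* Guest-visible byte at reg; anything not explicitly handled reads as 0xff. */
uint8_t guest_read8(const uint8_t *cfg, uint8_t reg)
{
    uint8_t pos = (cfg[PCI_STATUS] & PCI_STATUS_CAP_LIST)
                  ? next_allowed_cap(cfg, cfg[PCI_CAPABILITY_LIST]) : 0;
    if (reg < 0x04)                  /* vendor and device ID */
        return cfg[reg];
    if (reg == PCI_CAPABILITY_LIST)  /* head of the filtered chain */
        return pos;
    for (int ttl = CAP_WALK_TTL; pos && ttl-- > 0; ) {
        uint8_t next = next_allowed_cap(cfg, cfg[pos + 1]);
        if (reg == pos || reg == pos + 1)   /* ID byte, or re-linked next pointer */
            return reg == pos ? cfg[pos] : next;
        pos = next;
    }
    return 0xff;                     /* default deny */
}

/* Constructed sample: PM(0x40) -> MSI(0x50) -> PCIe(0x60) -> MSI-X(0x70). */
void make_sample(uint8_t *cfg)
{
    memset(cfg, 0, 256);
    cfg[0] = 0x34; cfg[1] = 0x12;    /* constructed vendor ID 0x1234 */
    cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAPABILITY_LIST] = 0x40;
    memcpy(&cfg[0x40], "\x01\x50", 2);  memcpy(&cfg[0x50], "\x05\x60", 2);
    memcpy(&cfg[0x60], "\x10\x70", 2);  memcpy(&cfg[0x70], "\x11\x00", 2);
}
```

On the sample device the guest sees a two-entry chain (MSI at 0x50, MSI-X at 0x70), while the power-management and PCIe capabilities and every other register read as 0xff.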




 

