
[Xen-users] Hardware passthrough without MSI-X


  • To: <Xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Robert Dunkley" <Robert@xxxxxxxxx>
  • Date: Fri, 29 Oct 2010 09:23:03 +0100
  • Cc:
  • Delivery-date: Wed, 10 Nov 2010 10:25:36 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Act3QoG7NavsvkxARwuRmG8NuX/N3Q==
  • Thread-topic: Hardware passthrough without MSI-X

Hi Everyone,


A recent email to the kernel mailing list by Konrad Wilk caught my
interest, here's the relevant extract:
"First of Xen PCI frontend driver can be used by PV guests on hardware
that with or without hardware IOMMU. Without an hardware IOMMU you have a
potential security hole wherein a guest domain can use the hardware to map
pages outside its memory range and slurp pages up. As such, this is more
restricted to a Privileged PV domain, aka - device driver domain
(similar to Qubes but a poor-man mechanism [1])."

Am I right in thinking that this means hardware passthrough to a PV
guest is possible on a system without IOMMU? (E.g. Nvidia chipset
Opteron). How dangerous is the "Potential Security Hole" for VMs
controlled by the system admin?


Thanks,

Rob

The SAQ Group

Registered Office: 18 Chapel Street, Petersfield, Hampshire GU32 3DZ
SAQ is the trading name of SEMTEC Limited. Registered in England & Wales
Company Number: 06481952

http://www.saqnet.co.uk AS29219

SAQ Group Delivers high quality, honestly priced communication and I.T. 
services to UK Business.

Broadband : Domains : Email : Hosting : CoLo : Servers : Racks : Transit : 
Backups : Managed Networks : Remote Support.

ISPA Member

