[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] pciback: question about the permissive flag
On Wed, Jul 07, 2010 at 11:23:38PM +0200, Joanna Rutkowska wrote:
> On 07/07/10 17:18, Konrad Rzeszutek Wilk wrote:
> > On Tue, Jul 06, 2010 at 11:37:27PM +0200, Joanna Rutkowska wrote:
> >> I'm trying to understand the purpose of the permissive flag in the Xen
> >> pciback driver. The comments in the code suggest that setting
> >> permissive=1 is "potentially unsafe", and I've been wondering why?
> >> My thinking goes this way -- we either:
> >> 1) have IOMMU/VT-d in the system, and use it to isolate the device
> >> assigned to a DomU, in which case allowing the DomU to fully control the
> >> assigned device's config space should not be a problem because VT-d
> > But that is not the case. The PCI config writes are actually done by
> > Dom0. The Xen PCI frontend redirects all config space reads/writes to
> > the Xen PCI backend that does them on the guest behalf.
> Hmm, not sure if I understand why you wrote "this is not the case"
> above? Of course DomU cannot directly change anything in PCI config
> space of any device, because its kernel code executes in Ring 3 or 1,
> and cannot do IO to 0xcf8/cfc. But I was under impression that once we
> assign a PCI device to the DomU, and once we set permissive=1, then this
> would effectively allow DomU to fully control the device config space.
> Is this not correct?
That is correct.
> > There are some backend-backend config space libs that deal with
> > different regions (power, MSI), and for those that are not present
> > the permissive flag is used to figure out whether the guest is allowed
> > to write to that region.
> What do you mean by a "backend-backend" lib?
Xen-devel mailing list