[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] possible pciback security issue

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Date: Thu, 04 May 2006 14:57:34 +0200
Delivery-date: Thu, 04 May 2006 05:56:56 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Having looked more closely into what would be needed to enable MSI support I 
stumbled across a simple question: If a
domU is granted access to an MSI-capable device, it could maliciously or 
erroneously enable MSI on that device and
program an arbitrary vector to be delivered, or even force the message address 
and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is insufficient 
from a security point of view, not only
from the perspective of MSI. While this may severely limit functionality, I 
think by default only read access must be
granted to any fields/bits of unknown meaning (namely everything outside the 
header).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] possible pciback security issue
  - From: Keir Fraser

Prev by Date: RE: [Xen-devel] possible to give/switch direct graphics hw access to doms?
Next by Date: Re: [Xen-devel] possible pciback security issue
Previous by thread: RE: [Xen-devel] possible to give/switch direct graphics hw access to doms?
Next by thread: Re: [Xen-devel] possible pciback security issue
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.