Re: [Xen-devel] [PATCH] libxl: passthrough: avoid passing through devices not owned by pciback
<Porting from xen 4.1, patch on Xen unstable 25138> libxl: passthrough: avoid passing through devices not owned by pciback This patch makes sure the passthrough device belongs to pciback before allow them passthrough to the guest. There are still many other checks missing. xm terminates the guest startup process when this type of condition is found. This patch just allows the guest to continue to boot but with no device passthrough. Signed-off-by: Allen Kay <allen.m.kay@xxxxxxxxx> Signed-off-by: Xudong Hao <xudong.hao@xxxxxxxxx> diff -r 4e1d091d10d8 tools/libxl/libxl_pci.c --- a/tools/libxl/libxl_pci.c Fri Mar 16 15:24:25 2012 +0000 +++ b/tools/libxl/libxl_pci.c Thu Mar 22 00:43:14 2012 +0800 @@ -779,6 +779,24 @@ int libxl_device_pci_add(libxl_ctx *ctx, return rc; } +static int libxl_pcidev_assignable(libxl_ctx *ctx, libxl_device_pci +*pcidev) { + libxl_device_pci *pcidevs; + int num, i; + + pcidevs = libxl_device_pci_list_assignable(ctx, &num); + for (i = 0; i < num; i++) { + if (pcidevs[i].domain == pcidev->domain && + pcidevs[i].bus == pcidev->bus && + pcidevs[i].dev == pcidev->dev && + pcidevs[i].func == pcidev->func) + { + return 1; + } + } + return 0; +} + int libxl__device_pci_add(libxl__gc *gc, uint32_t domid, libxl_device_pci *pcidev, int starting) { libxl_ctx *ctx = libxl__gc_owner(gc); @@ -789,6 +807,13 @@ int libxl__device_pci_add(libxl__gc *gc, rc = libxl__device_pci_setdefault(gc, pcidev); if (rc) goto out; + + if (!libxl_pcidev_assignable(ctx, pcidev)) { + LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "PCI device %x:%x:%x.%x is not assignable", + pcidev->domain, pcidev->bus, pcidev->dev, pcidev->func); + rc = ERROR_FAIL; + goto out; + } rc = get_all_assigned_devices(gc, &assigned, &num_assigned); if ( rc ) { Thanks, -Xudong > -----Original Message----- 
> From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx]
> Sent: Thursday, April 05, 2012 10:42 PM
> To: Hao, Xudong
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; Kay, Allen M
> Subject: RE: [Xen-devel] [PATCH] libxl: passthrough: avoid passing through
> devices not owned by pciback
>
> Hao, Xudong writes ("RE: [Xen-devel] [PATCH] libxl: passthrough: avoid passing
> through devices not owned by pciback"):
> > > -----Original Message-----
> > > From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx]
> > > Sent: Tuesday, April 03, 2012 1:01 AM
> > > To: Hao, Xudong
> > > Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; Kay, Allen M
> > > Subject: Re: [Xen-devel] [PATCH] libxl: passthrough: avoid passing
> > > through devices not owned by pciback
> > >
> > > Hao, Xudong writes ("[Xen-devel] [PATCH] libxl: passthrough: avoid
> > > passing through devices not owned by pciback"):
> > > > <Porting from Xen 4.1 tree.>
> > > >
> > > > libxl: passthrough: avoid passing through devices not owned by
> > > > pciback
> > >
> > > I'm afraid this no longer applies to xen-unstable.hg tip.
> > >
> > Reason?
> >
> > If no pciback checking, one device could be assigned to guest even it's being
> > used by dom0, is there security issue?
>
> I mean that it has conflicts when I try to apply it. You need to refresh it.
>
> Thanks,
> Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
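
Review bot: In the first hunk, libxl_pcidev_assignable() never releases the array it gets from libxl_device_pci_list_assignable(): the `return 1` inside the loop and the final `return 0` both leave `pcidevs` allocated, so if the list is caller-owned each passthrough attempt leaks it. Break out of the loop on a match, free `pcidevs`, and return `i != num` instead. `num` is also declared without an initial value and the returned pointer is not checked, so the loop depends on the callee always setting `num` even when it fails; initialise it to 0 or return early when `pcidevs` is NULL. Finally, the helper is static but carries the public `libxl_` prefix, which will read as an exported API in this file.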
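
Review bot: In the second hunk, the new failure path in libxl__device_pci_add() sets `rc = ERROR_FAIL` and jumps to `out`, but the commit message says the guest continues to boot without the device; nothing in these lines guarantees that, it depends on how the callers handle the error when `starting` is set. Please say in the commit message or in a comment above the check which callers are expected to tolerate the failure, so the ownership check is not later relaxed to keep a domain build from aborting. The check also runs before get_all_assigned_devices(), so a device that is already assigned elsewhere but not bound to pciback is reported only as "not assignable"; a message that names pciback would be easier to act on. The log format `%x:%x:%x.%x` prints unpadded fields; zero-padded `%04x:%02x:%02x.%01x` would be unambiguous and easier to match against the BDF the administrator configured.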