Re: [Xen-devel] c/s 24425:053a44894279 (xsm: add checks on PCI configuration access)
>>> On 21.06.12 at 16:19, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
> On 06/21/2012 09:20 AM, Jan Beulich wrote:
>> The mmconfig part of this is seriously broken: These operations,
>> even when carried out by Dom0, are MMIO accesses, and hence
>> are invisible to the hypervisor without extra handling. Putting
>> the checks into pci_mmcfg_{read,write}() has the effect of
>> potentially denying the _hypervisor_ access. So I think at least
>> that part needs to be reverted.
>
> I agree - the XSM checks are intended to be done only when the hypervisor
> is accessing on behalf of the domain, which looks to be covered by the
> traps part of the patch. These checks are currently intended to deny a
> domain with IS_PRIV but without full hardware access - in particular,
> without access to the PCI configuration MMIO area - from using legacy
> register access to reconfigure PCI devices.
>
> While it may be useful to extend this access check to include the PCI
> configuration MMIO pages, this would require emulating both reads and
> writes to any page that has entries that a particular domain does not
> have access to. The existing pciback/pcifront configuration access model
> already handles these issues without changes to the hypervisor.

So do I read correctly that you agree to revert that part of said c/s?

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel