Re: [Xen-devel] [RFC PATCH v2 13/22] xen/arm: its: Add virtual ITS command support

[Julien Grall <julien.grall@xxxxxxxxxx>]

On 29/04/15 13:33, Manish Jaggi wrote:
> On Wednesday 29 April 2015 05:51 PM, Julien Grall wrote:
>> On 29/04/15 13:12, Manish Jaggi wrote:
>>>>> and that too ITS is not in critical path. It is only used when
>>>>> configuring interrupts of the device? 
>>>> You need to think about security... Even though the ITS should only
>>>> be used for configuring interrupts, a malicious guest could try to
>>>> exploit weakness in the emulation. 
>>> Can you describe the scenario ? 
>> I already wrote several times the possible security impacts of the
>> polling solution... Please read again the previous mails.
> I see your comment "The vITS emulates hardware for a specific domain. A
> malicious guest could send request to a not own device"
> This scenario cannot happen as guest sbdf is converted to physical sbdf
> based on the domain. So if it does not own a device it would be treated
> as invalid command.

Can you point the code in this patch series that implement what you
said? From what I read, you just forward the command to the physical ITS
as long as the guest called MAPD to the device.

> Do you have any other security concern ?

Yes. The one we talked in every mail since the beginning of this thread
"polling in EL2". We got several XSA because the hypervisor code wasn't
preemptible (see [1])


[1] http://xenbits.xen.org/xsa/advisory-97.html

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel