|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [RFC PATCH v2 13/22] xen/arm: its: Add virtual ITS command support
On Wednesday 29 April 2015 06:31 PM, Julien Grall wrote: We are removing polling using command processing completion which is signalled using INT interrupt.On 29/04/15 13:33, Manish Jaggi wrote:On Wednesday 29 April 2015 05:51 PM, Julien Grall wrote:On 29/04/15 13:12, Manish Jaggi wrote:and that too ITS is not in critical path. It is only used when configuring interrupts of the device?You need to think about security... Even though the ITS should only be used for configuring interrupts, a malicious guest could try to exploit weakness in the emulation.Can you describe the scenario ?I already wrote several times the possible security impacts of the polling solution... Please read again the previous mails.I see your comment "The vITS emulates hardware for a specific domain. A malicious guest could send request to a not own device" This scenario cannot happen as guest sbdf is converted to physical sbdf based on the domain. So if it does not own a device it would be treated as invalid command.Can you point the code in this patch series that implement what you said? From what I read, you just forward the command to the physical ITS as long as the guest called MAPD to the device.Do you have any other security concern ?Yes. The one we talked in every mail since the beginning of this thread "polling in EL2". We got several XSA because the hypervisor code wasn't preemptible (see [1]) [1] http://xenbits.xen.org/xsa/advisory-97.html _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |