[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 0/11] Xen PCI Passthrough security fixes
On Tue, 2015-06-02 at 16:08 +0100, Stefano Stabellini wrote: > the following is a collection of QEMU security fixes for PCI Passthrough > on Xen. Part of this locks down the PCI cfg space emulation, which means we now need a way for people to request the old "permissive" behaviour for devices which need it. Per the xl docs: It is recommended to enable this option only for trusted VMs under administrator control. The toolstack (libxl, xl etc) already support a permissive flag in the domain cfg, and this series adds a new device property. All we need to do is tie them together. The simple version is below. I also have an incremental update which uses the QMP device-list-properties command to probe for the presence of this property (so things can automatically work with unpatches qemu). I think it's not really necessary in this case. Ian. -----8>--------- From c395657b03a1e2b7616d987e7078694874981979 Mon Sep 17 00:00:00 2001 From: Ian Campbell <ian.campbell@xxxxxxxxxx> Date: Mon, 1 Jun 2015 11:32:23 +0100 Subject: [PATCH] tools: libxl: allow permissive qemu-upstream pci passthrough. EMBARGOED UNTIL 2015-06-02 12:00 (WITH XSA-131 ET AL) Since XSA-131 qemu-xen now restricts access to PCI cfg by default. In order to allow local configuration of the existing libxl_device_pci "permissive" flag needs to be plumbed through via the new QMP property added by the XSA-131 patches. Versions of QEMU prior to XSA-131 did not support this permissive property, so we only pass it if it is true. Older versions only supported permissive mode. qemu-xen-traditional already supports the permissive mode setting via xenstore. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx> --- v2: Only set argument if permissive==true. --- tools/libxl/libxl_qmp.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tools/libxl/libxl_qmp.c b/tools/libxl/libxl_qmp.c index 9aa7e2e..6484f5e 100644 --- a/tools/libxl/libxl_qmp.c +++ b/tools/libxl/libxl_qmp.c @@ -849,6 +849,18 @@ int libxl__qmp_pci_add(libxl__gc *gc, int domid, libxl_device_pci *pcidev) QMP_PARAMETERS_SPRINTF(&args, "addr", "%x.%x", PCI_SLOT(pcidev->vdevfn), PCI_FUNC(pcidev->vdevfn)); } + /* + * Version of QEMU prior to the XSA-131 fix did not support this + * property and were effectively always in permissive mode. The + * fix for XSA-131 switched the default to be restricted by + * default and added the permissive property. + * + * Therefore in order to support both old and new QEMU we only set + * the permissive flag if it is true. Users of older QEMU have no + * reason to set the flag so this is ok. + */ + if (pcidev->permissive) + qmp_parameters_add_bool(gc, &args, "permissive", true); rc = qmp_synchronous_send(qmp, "device_add", args, NULL, NULL, qmp->timeout); -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |