[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 0/11] Xen PCI Passthrough security fixes



On Tue, 2015-06-02 at 16:47 +0100, Ian Campbell wrote:

ping?

> On Tue, 2015-06-02 at 16:08 +0100, Stefano Stabellini wrote:
> > the following is a collection of QEMU security fixes for PCI Passthrough
> > on Xen.
> 
> Part of this locks down the PCI cfg space emulation, which means we now
> need a way for people to request the old "permissive" behaviour for
> devices which need it. Per the xl docs:
>         It is recommended to enable this option only for trusted VMs
>         under administrator control.
> 
> The toolstack (libxl, xl etc) already support a permissive flag in the
> domain cfg, and this series adds a new device property. All we need to
> do is tie them together.
> 
> The simple version is below. I also have an incremental update which
> uses the QMP device-list-properties command to probe for the presence of
> this property (so things can automatically work with unpatches qemu). I
> think it's not really necessary in this case.
> 
> Ian.
> 
> -----8>---------
> 
> From c395657b03a1e2b7616d987e7078694874981979 Mon Sep 17 00:00:00 2001
> From: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Date: Mon, 1 Jun 2015 11:32:23 +0100
> Subject: [PATCH] tools: libxl: allow permissive qemu-upstream pci
>  passthrough.
> 
> EMBARGOED UNTIL 2015-06-02 12:00 (WITH XSA-131 ET AL)
> 
> Since XSA-131 qemu-xen now restricts access to PCI cfg by default. In
> order to allow local configuration of the existing libxl_device_pci
> "permissive" flag needs to be plumbed through via the new QMP property
> added by the XSA-131 patches.
> 
> Versions of QEMU prior to XSA-131 did not support this permissive
> property, so we only pass it if it is true. Older versions only
> supported permissive mode.
> 
> qemu-xen-traditional already supports the permissive mode setting via
> xenstore.
> 
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
> Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> ---
> v2: Only set argument if permissive==true.
> ---
>  tools/libxl/libxl_qmp.c |   12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/tools/libxl/libxl_qmp.c b/tools/libxl/libxl_qmp.c
> index 9aa7e2e..6484f5e 100644
> --- a/tools/libxl/libxl_qmp.c
> +++ b/tools/libxl/libxl_qmp.c
> @@ -849,6 +849,18 @@ int libxl__qmp_pci_add(libxl__gc *gc, int domid, 
> libxl_device_pci *pcidev)
>          QMP_PARAMETERS_SPRINTF(&args, "addr", "%x.%x",
>                                 PCI_SLOT(pcidev->vdevfn), 
> PCI_FUNC(pcidev->vdevfn));
>      }
> +    /*
> +     * Version of QEMU prior to the XSA-131 fix did not support this
> +     * property and were effectively always in permissive mode. The
> +     * fix for XSA-131 switched the default to be restricted by
> +     * default and added the permissive property.
> +     *
> +     * Therefore in order to support both old and new QEMU we only set
> +     * the permissive flag if it is true. Users of older QEMU have no
> +     * reason to set the flag so this is ok.
> +     */
> +    if (pcidev->permissive)
> +        qmp_parameters_add_bool(gc, &args, "permissive", true);
>  
>      rc = qmp_synchronous_send(qmp, "device_add", args,
>                                NULL, NULL, qmp->timeout);



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.