[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 155 (CVE-2015-8550) - paravirtualized drivers incautious about shared memory

On 04/01/16 13:06, Marek Marczykowski-Górecki wrote:
> On Tue, Dec 22, 2015 at 10:06:25AM -0500, Eric Shelton wrote:
>> The XSA mentions that "PV frontend patches will be developed and
>> released (publicly) after the embargo date."  Has anything been done
>> towards this that should also be incorporated into MiniOS?  On a
>> system utilizing a "driver domain," where a backend is running on a
>> domain that is considered unprivileged and untrusted (such as the
>> example described in http://wiki.xenproject.org/wiki/Driver_Domain),
>> it seems XSA-155-style double fetch vulnerabilities in the frontends
>> are also a potential security concern, and should be eliminated.
>> However, perhaps that does not include pcifront, since pciback would
>> always be running in dom0.
> And BTW the same applies to Linux frontends, for which also I haven't seen
> any public development. In attachment my email to
> xen-security-issues-discuss list (sent during embargo), with patches
> attached there. I haven't got any response.

There are no similar security concerns with frontends since they trust
the backend.

I note that you say:

  "But in some cases (namely: if driver domains are in use), frontends
   may be more trusted/privileged than backends."

But this cannot be the case since the backend can always trivially DoS
the frontend by (for example) not unmapping grant references when
required by the protocol.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.