This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH] x86: protect MSI-X table and pending bit array f

To: "Konrad Rzeszutek Wilk" <konrad.wilk@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] x86: protect MSI-X table and pending bit array from guest writes
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Tue, 21 Sep 2010 17:07:41 +0100
Cc: yunhong.jiang@xxxxxxxxx, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 21 Sep 2010 09:07:53 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20100921151749.GA20764@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4C977C870200007800017B92@xxxxxxxxxxxxxxxxxx> <20100921151749.GA20764@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>>> On 21.09.10 at 17:17, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:
> On Mon, Sep 20, 2010 at 02:23:51PM +0100, Jan Beulich wrote:
>> These structures are used by Xen, and hence guests must not be able
>> to fiddle with them.
>> qemu-dm currently plays with the MSI-X table, requiring Dom0 to
>> still have write access. This is broken (explicitly allowing the guest
>> write access to the mask bit) and should be fixed in qemu-dm, at which
>> time Dom0 won't need any special casing anymore.
>> The changes are made under the assumption that p2m_mmio_direct will
>> only ever be used for order 0 pages.
>> An open question is whether dealing with pv guests (including the
>> IOMMU-less case) is necessary, as handling mappings a domain may
>> already have in place at the time the first interrupt gets set up
>> would require scanning all of the guest's L1 page table pages.
> When the PCI passthrough is utilized for PV guests we utilize
> the xc_domain_iomem_permission, xc_domain_ioport_permission, and
> xc_physdev_map_pirq before we even start the guest.
> With your patch, will the MFN regions that are specified by the
> iomem_permission still be visible to the PV domain?

Yes, just that the page(s) containing MSI-X table and PBA won't
be writeable anymore (if the guest tries to map them so, they'll
get mapped read-only). And yes, the MSI-X table should be
ignored by pv guests altogether, and the PBA (afaict) isn't being
used by Linux up to now.


Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>