xen-users
[Xen-users] Hardware passthrough without MSI-X
Hi Everyone,
A recent email to the kernel mailing list by Konrad Wilk caught my
interest, here's the relevant extract:
"First of Xen PCI frontend driver can be used by PV guests on hardware
that with or without hardware IOMMU. Without an hardware IOMMU you have a
potential security hole wherein a guest domain can use the hardware to map
pages outside its memory range and slurp pages up. As such, this is more
restricted to a Privileged PV domain, aka - device driver domain
(similar to Qubes but a poor-man mechanism [1])."
Am I right in thinking that this means hardware pass through to a PV
guest is possible on a system without IOMMU? (Eg. Nvidia chipset
Opteron). How dangerous is the "Potential Security Hole" for VMs
controlled by the system admin?
Thanks,
Rob
The SAQ Group
Registered Office: 18 Chapel Street, Petersfield, Hampshire GU32 3DZ
SAQ is the trading name of SEMTEC Limited. Registered in England & Wales
Company Number: 06481952
http://www.saqnet.co.uk AS29219
SAQ Group Delivers high quality, honestly priced communication and I.T.
services to UK Business.
Broadband : Domains : Email : Hosting : CoLo : Servers : Racks : Transit :
Backups : Managed Networks : Remote Support.
ISPA Member
- [Xen-users] Hardware passthrough without MSI-X,
Robert Dunkley <=