[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] possible pciback security issue



Having looked more closely into what would be needed to enable MSI support I 
stumbled across a simple question: If a
domU is granted access to an MSI-capable device, it could maliciously or 
erroneously enable MSI on that device and
program an arbitrary vector to be delivered, or even force the message address 
and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is insufficient 
from a security point of view, not only
from the perspective of MSI. While this may severely limit functionality, I 
think by default only read access must be
granted to any fields/bits of unknown meaning (namely everything outside the 
header).

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.