Re: [Xen-devel] [PATCH] libxl: passthrough: avoid passing through devices not owned by pciback
Hi, Ian Any other comments for this patch? Thanks, -Xudong > -----Original Message----- > From: Hao, Xudong > Sent: Thursday, April 05, 2012 11:37 PM > To: 'Ian Jackson' > Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; Kay, Allen M > Subject: RE: [Xen-devel] [PATCH] libxl: passthrough: avoid passing through > devices not owned by pciback > > <Porting from xen 4.1, patch on Xen unstable 25138> > > libxl: passthrough: avoid passing through devices not owned by pciback > > This patch makes sure the passthrough device belongs to pciback before allow > them passthrough to the guest. There are still many other checks missing. > > xm terminates the guest startup process when this type of condition is found. > This patch just allows the guest to continue to boot but with no device > passthrough. > > Signed-off-by: Allen Kay <allen.m.kay@xxxxxxxxx> > Signed-off-by: Xudong Hao <xudong.hao@xxxxxxxxx> > > diff -r 4e1d091d10d8 tools/libxl/libxl_pci.c > --- a/tools/libxl/libxl_pci.c Fri Mar 16 15:24:25 2012 +0000 > +++ b/tools/libxl/libxl_pci.c Thu Mar 22 00:43:14 2012 +0800 > @@ -779,6 +779,24 @@ int libxl_device_pci_add(libxl_ctx *ctx, > return rc; > } > > +static int libxl_pcidev_assignable(libxl_ctx *ctx, libxl_device_pci > +*pcidev) { > + libxl_device_pci *pcidevs; > + int num, i; > + > + pcidevs = libxl_device_pci_list_assignable(ctx, &num); > + for (i = 0; i < num; i++) { > + if (pcidevs[i].domain == pcidev->domain && > + pcidevs[i].bus == pcidev->bus && > + pcidevs[i].dev == pcidev->dev && > + pcidevs[i].func == pcidev->func) > + { > + return 1; > + } > + } > + return 0; > +} > + > int libxl__device_pci_add(libxl__gc *gc, uint32_t domid, libxl_device_pci > *pcidev, int starting) { > libxl_ctx *ctx = libxl__gc_owner(gc); 
@@ -789,6 +807,13 @@ int > libxl__device_pci_add(libxl__gc *gc, > > rc = libxl__device_pci_setdefault(gc, pcidev); > if (rc) goto out; > + > + if (!libxl_pcidev_assignable(ctx, pcidev)) { > + LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "PCI device %x:%x:%x.%x is > not assignable", > + pcidev->domain, pcidev->bus, pcidev->dev, > pcidev->func); > + rc = ERROR_FAIL; > + goto out; > + } > > rc = get_all_assigned_devices(gc, &assigned, &num_assigned); > if ( rc ) { > > Thanks, > -Xudong > > > -----Original Message----- > > From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx] > > Sent: Thursday, April 05, 2012 10:42 PM > > To: Hao, Xudong > > Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; Kay, Allen M > > Subject: RE: [Xen-devel] [PATCH] libxl: passthrough: avoid passing through > > devices not owned by pciback > > > > Hao, Xudong writes ("RE: [Xen-devel] [PATCH] libxl: passthrough: avoid > passing > > through devices not owned by pciback"): > > > > > > > -----Original Message----- 
> > > > From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx]
> > > > Sent: Tuesday, April 03, 2012 1:01 AM
> > > > To: Hao, Xudong
> > > > Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; Kay, Allen M
> > > > Subject: Re: [Xen-devel] [PATCH] libxl: passthrough: avoid passing
> > > > through devices not owned by pciback
> > > >
> > > > Hao, Xudong writes ("[Xen-devel] [PATCH] libxl: passthrough: avoid
> > > > passing through devices not owned by pciback"):
> > > > > <Porting from Xen 4.1 tree.>
> > > > >
> > > > > libxl: passthrough: avoid passing through devices not owned by
> > > > > pciback
> > > >
> > > > I'm afraid this no longer applies to xen-unstable.hg tip.
> > > >
> > > Reason?
> > >
> > > If no pciback checking, one device could be assigned to guest even it's
> > > being used by dom0, is there security issue?
> >
> > I mean that it has conflicts when I try to apply it. You need to refresh
> > it.
> >
> > Thanks,
> > Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
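
Review bot: In the first hunk, libxl_pcidev_assignable() never releases the array returned by libxl_device_pci_list_assignable(ctx, &num): both the "return 1" inside the loop and the final "return 0" leave pcidevs allocated, so the list is leaked on every call from libxl__device_pci_add(). Break out of the loop on a match, call free(pcidevs) once after it, and return i != num. The pointer is also used without a NULL check and num is read even if the list call failed, so handle that case before the loop and make it explicit that a failed lookup is treated as "not assignable".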
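
Review bot: In the second hunk, the new check in libxl__device_pci_add() sets rc = ERROR_FAIL and jumps to out, which does not match the description's statement that the guest "continues to boot but with no device passthrough"; whether domain creation goes on after this error depends on callers that are not part of this diff. Please state in the commit message which behaviour is intended and name the caller that tolerates the failure, or drop that sentence. The log line would also be easier to match against the device list if it used the zero-padded form "%04x:%02x:%02x.%01x" instead of "%x:%x:%x.%x", and if it said that the device has to be bound to pciback first, since that is the condition being tested.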