[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 5/6] xen/x86: add PHYSDEVOP_msi_set_enable



>>> Roger Pau Monné <roger.pau@xxxxxxxxxx> 03/04/19 11:19 AM >>>
>On Sun, Mar 03, 2019 at 02:10:24AM +0100, Marek Marczykowski wrote:
>> On Thu, Feb 28, 2019 at 01:25:50PM +0100, Marek Marczykowski wrote:
>> > On Thu, Feb 28, 2019 at 03:58:37AM -0700, Jan Beulich wrote:
>> > > Another thing: You're also bypassing the MSI{,-X}-already-enabled
>> > > checks that __pci_enable_msi{,x}() do, yet allowing to enable both
>> > > on a device would be a security issue.
>> > 
>> > Ok.
>> 
>> Hmm, could you explain more? Is that only the case when interrupt
>> remapping is missing?
>
>I think what Jan mentions is that the hypercall to enable MSI(-X)
>should make sure PCI INTx is disabled, and prevent enabling both MSI
>and MSI-X on the same device.
>
>The device model that manages the passthrough device should already
>make sure of that, but Xen should also protect itself against
>bad-behaved device models when possible.

Right, and specifically in the case where the device model itself runs with
limited privileges.

Jan




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.