[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] bug suspcion and proposed modification when xen-pciback failed to map an irq (-19) to a domU



On 29.11.2019 13:34,  DOZ, MARC (ext)  wrote:
> 
>> Except that this is not a "fix", but the introduction of a security 
>> vulnerability (permitting interrupt setup on un-owned devices). See XSA-237, 
>> which actually changed it in the opposite direction of what you're proposing.
> 
> Ok, I found it :
> https://xenbits.xen.org/xsa/xsa237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device.patch
> 
> "MSI setup should be permitted only for existing devices owned by the 
> respective guest" 
> 
> But how to change the owner of my device or update the 
> pdev->domain->domain_id ?

With the code as is and without an IOMMU there's no pre-cooked
way to, I'm afraid. You could try granting the guest access to
MMIO and IRQ "manually" (there are guest config file options
for this), but I take it you'll be in trouble if (as iirc you've
said) the device / driver want to use MSI.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.