WARNING - OLD ARCHIVES

"Jan Beulich" <jbeulich@xxxxxxxxxx> · 2006年5月04日 14:57:34 +0200

Having looked more closely into what would be needed to enable MSI support I 
stumbled across a simple question: If a
domU is granted access to an MSI-capable device, it could maliciously or 
erroneously enable MSI on that device and
program an arbitrary vector to be delivered, or even force the message address 
and/or value to something that might make
the system misbehave/crash.
It would seem to me that filtering only a few header fields is insufficient 
from a security point of view, not only
from the perspective of MSI. While this may severely limit functionality, I 
think by default only read access must be
granted to any fields/bits of unknown meaning (namely everything outside the 
header).
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

To:	<xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	[Xen-devel] possible pciback security issue
From:	"Jan Beulich" <jbeulich@xxxxxxxxxx>
Date:	2006年5月04日 14:57:34 +0200
Delivery-date:	2006年5月04日 05:56:56 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] possible pciback security issue, Jan Beulich <= Re: [Xen-devel] possible pciback security issue , Keir Fraser Re: [Xen-devel] possible pciback security issue , Jan Beulich Re: [Xen-devel] possible pciback security issue , Keir Fraser Re: [Xen-devel] possible pciback security issue , Ryan

Previous by Date:	RE: [Xen-devel] possible to give/switch direct graphics hw access to doms? , Petersson, Mats
Next by Date:	Re: [Xen-devel] possible pciback security issue , Keir Fraser
Previous by Thread:	RE: [Xen-devel] possible to give/switch direct graphics hw access to doms? , Petersson, Mats
Next by Thread:	Re: [Xen-devel] possible pciback security issue , Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] possible pciback security issue