Hi David and Kevin,
On 2016/5/5 17:54, David Laight wrote:
From: Tian, Kevin
Sent: 05 May 2016 10:37
...
Acutually, we are not aimed at accessing MSI-X table from
guest. So I think it's safe to passthrough MSI-X table if we
can make sure guest kernel would not touch MSI-X table in
normal code path such as para-virtualized guest kernel on PPC64.
Then how do you prevent malicious guest kernel accessing it?
Or a malicious guest driver for an ethernet card setting up
the receive buffer ring to contain a single word entry that
contains the address associated with an MSI-X interrupt and
then using a loopback mode to cause a specific packet be
received that writes the required word through that address.
Remember the PCIe cycle for an interrupt is a normal memory write
cycle.
David
If we have enough permission to load a malicious driver or
kernel, we can easily break the guest without exposed
MSI-X table.
I think it should be safe to expose MSI-X table if we can
make sure that malicious guest driver/kernel can't use
the MSI-X table to break other guest or host. The
capability of IRQ remapping could provide this
kind of protection.
Thanks,
Yongji
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html