On 29/04/15 13:33, Manish Jaggi wrote:
> On Wednesday 29 April 2015 05:51 PM, Julien Grall wrote:
>> On 29/04/15 13:12, Manish Jaggi wrote:
>>>>> and that too ITS is not in critical path. It is only used when
>>>>> configuring interrupts of the device? 
>>>> You need to think about security... Even though the ITS should only
>>>> be used for configuring interrupts, a malicious guest could try to
>>>> exploit weakness in the emulation. 
>>> Can you describe the scenario?
>> I already wrote several times the possible security impacts of the
>> polling solution... Please read again the previous mails.
> I see your comment "The vITS emulates hardware for a specific domain. A
> malicious guest could send request to a not own device"
> This scenario cannot happen as guest sbdf is converted to physical sbdf
> based on the domain. So if it does not own a device it would be treated
> as invalid command.

Can you point to the code in this patch series that implements what you
said? From what I read, you just forward the command to the physical ITS
as long as the guest called MAPD to the device.

> Do you have any other security concern?

Yes. The one we talked about in every mail since the beginning of this thread:
"polling in EL2". We got several XSAs because the hypervisor code wasn't
preemptible (see [1]).


[1] http://xenbits.xen.org/xsa/advisory-97.html

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
