| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Nov 2007 17:24:00 -0600 From: linas@...tin.ibm.com (Linas Vepstas) To: Grant Grundler <grundler@...isc-linux.org> Cc: Greg KH <gregkh@...e.de>, Barak Fargoun <barak@...cleus.com>, linux-kernel@...r.kernel.org, linux-pci@...ey.karlin.mff.cuni.cz, Guy Zana <guy@...cleus.com> Subject: Re: [PATCH] Align PCI memory regions to page size (4K) - Fix On Sun, Oct 28, 2007 at 11:52:16PM -0600, Grant Grundler wrote: > > On Sun, Oct 28, 2007 at 03:53:20PM -0400, Barak Fargoun wrote: > ... > > > About your question: today, some of the hypervisors are using linux > > > kernel as their domain-0 (e.g. Xen). In order to implement direct > > > hardware access for these native domains (e.g. running windows in a > > > virtual machine above Xen), the PCI memory regions should be aligned > > > at-least at the page-level (so, a virtual machine - can't see data of > > > other devices which may not be assigned to it). So, for that reason, > > > we wanted a boot parameter to let us force the kernel to align PCI > > > memory regions at-least at a PAGE_SIZE alignment. It is very useful > > > for hypervisors which are developed at Linux environment (e.g.: Xen). > > It's a benefit IFF multiple devices are spread across more than one guest > _and_ we don't trust every particating guest to play nicely with IO. That way > the Hypervisor can assign one device to a specific guest OS for direct access. > E.g. 4 port Gige card could directly support the host and 3 guests with somewhat > lower risk of tromping on each other's MMIO space. > > If Xen is cooperative, this seems a bit paranoid. I don't recall ever seeing a > driver bug where the driver accidentally poked MMIO space at the wrong device. I presume the issue is not a driver bug per-se, but a spying/hacking-type security issue: Having root in one guest could in principle allow one to write a driver that snooped on data in other guests, and/or intentionally corrupted data on other guests. I envision some ISP renting out 1/3 of a machine with a 4-port card, and having some nosey college-kid wannabe hacker getting root on one of the guests and causing trouble. But perhaps I'm waaaayyyyy off base here. (Just like occasional cigarette smoking is known to inevitably lead to full-fledged heroin addiction, I am pretty sure that the culture of "cheat codes" among 12-year-olds is going to lead to an epidemic of hackers in about 10 years. I am atuned to "wannabe hacker culture"). --linas - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists