Message-ID: <063D6719AE5E284EB5DD2968C1650D6D5F4BBEDD@AcuExch.aculab.com>
Date: Fri, 13 May 2016 09:16:18 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Alex Williamson' <alex.williamson@...hat.com>,
"Tian, Kevin" <kevin.tian@...el.com>
CC: Yongji Xie <xyjxie@...ux.vnet.ibm.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
"bhelgaas@...gle.com" <bhelgaas@...gle.com>,
"aik@...abs.ru" <aik@...abs.ru>,
"benh@...nel.crashing.org" <benh@...nel.crashing.org>,
"paulus@...ba.org" <paulus@...ba.org>,
"mpe@...erman.id.au" <mpe@...erman.id.au>,
"joro@...tes.org" <joro@...tes.org>,
"warrier@...ux.vnet.ibm.com" <warrier@...ux.vnet.ibm.com>,
"zhong@...ux.vnet.ibm.com" <zhong@...ux.vnet.ibm.com>,
"nikunj@...ux.vnet.ibm.com" <nikunj@...ux.vnet.ibm.com>,
"eric.auger@...aro.org" <eric.auger@...aro.org>,
"will.deacon@....com" <will.deacon@....com>,
"gwshan@...ux.vnet.ibm.com" <gwshan@...ux.vnet.ibm.com>,
"alistair@...ple.id.au" <alistair@...ple.id.au>,
"ruscur@...sell.cc" <ruscur@...sell.cc>
Subject: RE: [PATCH 5/5] vfio-pci: Allow to mmap MSI-X table if interrupt
remapping is supported
From: Alex Williamson [mailto:alex.williamson@...hat.com]
> Sent: 13 May 2016 06:33
...
> Simply denying direct writes to the vector table or preventing mapping
> of the vector table into the user address space does not provide any
> tangible form of protection. Many devices make use of window registers
> that allow backdoors to arbitrary device registers. Some drivers even
> use this as the primary means for configuring MSI-X, which makes them
> incompatible with device assignment without device specific quirks to
> enable virtualization of these paths.

We have one fpga based PCIe slave where the device driver has to read
the MSI-X table and then write the value to other fpga registers so
that the logic can generate the correct PCIe write cycle when an
interrupt is requested.
The MSI-X table itself is only as a PCIe slave.

We also have host accessible DMA controllers that the device driver
uses to copy data to kernel memory.
These could easily be used to generate arbitrary MSI-X requests.

As I've said earlier it is almost certainly possible to get any
ethernet hardware to perform something similar.

So without hardware that is able to limit the memory and MSI-X
that each PCIe endpoint can access I believe that if a virtualisation
system gives a guest kernel direct access to a PCIe device it gives
the guest kernel the ability to raise an MSI-X interrupt and read/write
any physical memory.
(I've not looked at the cpu virtualisation support, but do know what
the PCIe devices can do.)

More interestingly, probably the 'worst' thing (from a security point of view)
that changing the MSI-X table lets you do is a write to an arbitrary
physical memory address.

David
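
Added illustration, not part of the original message and not kernel or vfio code: an MSI-X table entry is just an address/data pair that the device writes, so this sketch decodes a raw table copy and counts unmasked vectors whose target is not an interrupt address. It assumes an x86 host, where interrupt messages go to 0xFEExxxxx; the function names and the sample table are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MSIX_ENTRY_SIZE   16u            /* PCI spec: 4 dwords per vector */
#define MSIX_CTRL_MASKED  0x1u           /* Vector Control bit 0 */
/* Assumption: x86 host, interrupt messages are writes to 0xFEExxxxx. */
#define X86_MSI_BASE      0xFEE00000ull
#define X86_MSI_WINDOW    0xFFFFFFFFFFF00000ull

struct msix_entry { uint64_t addr; uint32_t data; uint32_t ctrl; };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode entry idx from a raw table copy; 0 on success, -1 if out of range. */
int msix_decode(const uint8_t *tbl, size_t len, size_t idx, struct msix_entry *e)
{
    if (idx >= len / MSIX_ENTRY_SIZE)
        return -1;
    const uint8_t *p = tbl + idx * MSIX_ENTRY_SIZE;
    e->addr = (uint64_t)le32(p + 4) << 32 | le32(p);  /* upper:lower address */
    e->data = le32(p + 8);
    e->ctrl = le32(p + 12);
    return 0;
}

/* Count unmasked vectors whose message would land outside the interrupt window. */
size_t msix_audit(const uint8_t *tbl, size_t len)
{
    struct msix_entry e;
    size_t bad = 0;
    for (size_t i = 0; msix_decode(tbl, len, i, &e) == 0; i++)
        if (!(e.ctrl & MSIX_CTRL_MASKED) && (e.addr & X86_MSI_WINDOW) != X86_MSI_BASE)
            bad++;
    return bad;
}

/* Constructed sample: a normal vector, a vector aimed at RAM, a masked vector. */
const uint8_t sample_table[48] = {
    0x00,0x10,0xE0,0xFE, 0,0,0,0, 0x41,0x40,0,0, 0,0,0,0,
    0x00,0x50,0x34,0x12, 1,0,0,0, 0xEF,0xBE,0xAD,0xDE, 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 1,0,0,0,
};

int main(void)
{
    printf("suspicious vectors: %zu\n", msix_audit(sample_table, sizeof sample_table));
    return 0;
}
```

A check like this only covers the table itself; as the message argues, a device with window registers or its own DMA engine can issue the same write without touching the table, which is why the containment has to come from the IOMMU and interrupt remapping.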