Date:   Tue, 15 Aug 2017 14:48:52 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Benjamin Herrenschmidt' <benh@...nel.crashing.org>,
        Jike Song <jike.song@...el.com>,
        Robin Murphy <robin.murphy@....com>
CC:     Vlad Tsyrklevich <vlad@...rklevich.net>, Neo Jia <cjia@...dia.com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        Eric Auger <eric.auger@...hat.com>,
        Alexey Kardashevskiy <aik@...abs.ru>,
        "David Woodhouse" <dwmw2@...radead.org>,
        Joerg Roedel <joro@...tes.org>,
        "Kyle Mahlkuch" <Kyle.Mahlkuch@....com>,
        Kirti Wankhede <kwankhede@...dia.com>,
        "kvm-ppc@...r.kernel.org" <kvm-ppc@...r.kernel.org>,
        "iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
        Yongji Xie <elohimes@...il.com>,
        Alex Williamson <alex.williamson@...hat.com>,
        Mauricio Faria de Oliveira <mauricfo@...ux.vnet.ibm.com>,
        Paul Mackerras <paulus@...ba.org>,
        "Bjorn Helgaas" <bhelgaas@...gle.com>,
        Arvind Yadav <arvind.yadav.cs@...il.com>,
        "linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        David Gibson <david@...son.dropbear.id.au>
Subject: RE: [RFC PATCH v5 0/5] vfio-pci: Add support for mmapping MSI-X
 table

From: Benjamin Herrenschmidt
> Sent: 15 August 2017 02:34
> On Tue, 2017-08-15 at 09:16 +0800, Jike Song wrote:
> > > Taking a step back, though, why does vfio-pci perform this check in the
> > > first place? If a malicious guest already has control of a device, any
> > > kind of interrupt spoofing it could do by fiddling with the MSI-X
> > > message address/data it could simply do with a DMA write anyway, so the
> > > security argument doesn't stand up in general (sure, not all PCIe
> > > devices may be capable of arbitrary DMA, but that seems like more of a
> > > tenuous security-by-obscurity angle to me).
> 
> I tried to make that point for years, thanks for re-iterating it :-)

Indeed, we have an FPGA based PCIe card where the MSI-X table is just a
piece of PCIe accessible memory.
The device driver has to read the MSI-X table and write the address+data
values to other registers which are then used to raise the interrupt.
(Ok, I've written a better interrupt generator so we don't do that
any more.)

	David
