Re: [PATCH] Align PCI memory regions to page size (4K) - Fix

[Grant Grundler <grundler@parisc-linux.org>]

On Thu, Nov 08, 2007 at 05:24:00PM -0600, Linas Vepstas wrote:
...
> > E.g. 4 port Gige card could directly support the host and 3 guests with somewhat
> > lower risk of tromping on each other's MMIO space.
> > 
> > If Xen is cooperative, this seems a bit paranoid. I don't recall ever seeing a
> > driver bug where the driver accidentally poked MMIO space at the wrong device.
> 
> I presume the issue is not a driver bug per-se, but a
> spying/hacking-type security issue: Having root in one guest could in
> principle allow one to write a driver that snooped on data in other
> guests, and/or intentionally corrupted data on other guests.

If someone has root on a guest, they could modprobe a driver that
can map any unused virtual address to any physical address they want.
Unless the chipset somehow blocks/refuses to route IO for that guest,
then they can still poke at any other device once they figure out
where addresses are being routed (e.g. directly reading configuration
space or directly accessing chipset specific registers.)

> I envision some ISP renting out 1/3 of a machine with a 4-port card,
> and having some nosey college-kid wannabe hacker getting root on one of
> the guests and causing trouble.  But perhaps I'm waaaayyyyy off base
> here.

I agree this will make it slightly harder. Also makes it much more likely the
box will crash - taking down all the guests. And someone should notice that.

> (Just like occasional cigarette smoking is known to inevitably lead to
> full-fledged heroin addiction, I am pretty sure that the culture of
> "cheat codes" among 12-year-olds is going to lead to an epidemic of
> hackers in about 10 years. I am atuned to "wannabe hacker culture"). 

Ok - but I think there are more serious issues if someone can get
root on a remote box (ignore Virtualization). Several other possible
layers of security have already been "defeated" by then.

thanks,
grant