From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Joanna Rutkowska <joanna@invisiblethingslab.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: pciback: question about the permissive flag
Date: Fri, 9 Jul 2010 10:09:30 -0400 [thread overview]
Message-ID: <20100709140929.GC5302@phenom.dumpdata.com> (raw)
In-Reply-To: <4C34F05A.20407@invisiblethingslab.com>
On Wed, Jul 07, 2010 at 11:23:38PM +0200, Joanna Rutkowska wrote:
> On 07/07/10 17:18, Konrad Rzeszutek Wilk wrote:
> > On Tue, Jul 06, 2010 at 11:37:27PM +0200, Joanna Rutkowska wrote:
> >> I'm trying to understand the purpose of the permissive flag in the Xen
> >> pciback driver. The comments in the code suggest that setting
> >> permissive=1 is "potentially unsafe", and I've been wondering why?
> >>
> >> My thinking goes this way -- we either:
> >>
> >> 1) have IOMMU/VT-d in the system, and use it to isolate the device
> >> assigned to a DomU, in which case allowing the DomU to fully control the
> >> assigned device's config space should not be a problem because VT-d
> >
> > But that is not the case. The PCI config writes are actually done by
> > Dom0. The Xen PCI frontend redirects all config space reads/writes to
> > the Xen PCI backend that does them on the guest behalf.
> >
>
> Hmm, not sure if I understand why you wrote "this is not the case"
> above? Of course DomU cannot directly change anything in PCI config
> space of any device, because its kernel code executes in Ring 3 or 1,
> and cannot do IO to 0xcf8/cfc. But I was under impression that once we
> assign a PCI device to the DomU, and once we set permissive=1, then this
> would effectively allow DomU to fully control the device config space.
> Is this not correct?
That is correct.
>
> > There are some backend-backend config space libs that deal with
> > different regions (power, MSI), and for those that are not present
> > the permissive flag is used to figure out whether the guest is allowed
> > to write to that region.
> >
>
> What do you mean by a "backend-backend" lib?
drivers/xen/pciback/conf_space_*
>
> joanna.
>
prev parent reply other threads:[~2010-07-09 14:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-06 21:37 pciback: question about the permissive flag Joanna Rutkowska
2010-07-07 6:32 ` Keir Fraser
2010-07-07 13:30 ` Ian Pratt
2010-07-07 14:05 ` Joanna Rutkowska
2010-07-07 15:28 ` Konrad Rzeszutek Wilk
2010-07-07 15:44 ` Ian Pratt
2010-07-07 21:41 ` Joanna Rutkowska
2010-07-07 22:51 ` Ian Pratt
2010-07-07 15:18 ` Konrad Rzeszutek Wilk
2010-07-07 21:23 ` Joanna Rutkowska
2010-07-09 14:09 ` Konrad Rzeszutek Wilk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100709140929.GC5302@phenom.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=joanna@invisiblethingslab.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).