|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5 |
Date: | Sat, 29 Aug 2009 19:14:06 -0500 |
User-agent: | Thunderbird 2.0.0.23 (X11/20090825) |
Carl-Daniel Hailfinger wrote:
The guest can also mess up other devices with the help of specially crafted firmware. So even if the user does not care about the effects on a particular device, a firmware upgrade might affect other devices (which are not used by Qemu in any way) as well.
Please be more specific. How is this any different than PCI passthrough with VT-d or USB passthrough?
As a result, this is essentially a "break out of qemu or DoS the machine under certain conditions" feature. If that particular side effect / feature is documented, users who read the documentation won't get any nasty surprises.
A user will get a really nasty surprise if they think they can use a flag or rely on QEMU to prevent a VM from doing something nasty with a device. If they have this feeling of security, they're likely to chmod the device to allow unprivileged users to access it.
But how a device handles ATAPI commands is totally up to the device. If you issue the wrong sequence, I'm sure there are devices out there that totally hose themselves. Are you absolutely confident that every ATAPI device out there is completely safe against hostile code provided that you simply prevent the FW update commands? I'm certainly not.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |