WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthro

To: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Fri, 13 May 2011 12:11:48 +0100
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxxxx>
Delivery-date: Fri, 13 May 2011 04:13:20 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4DCD1120.5020606@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <19915.58644.191837.671729@xxxxxxxxxxxxxxxxxxxxxxxx> <4DCD030902000078000412C8@xxxxxxxxxxxxxxxxxx> <4DCD1120.5020606@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Fri, 2011-05-13 at 12:08 +0100, Joanna Rutkowska wrote:
> On 05/13/11 10:08, Jan Beulich wrote:

> > Finally, wouldn't killing all guests that potentially could have caused
> > the problem be a better measure than bringing down the host?
> > 
> 
> Killing the guest might no longer be enough, because the guest might
> have already programmed the device to keep sending malicious MSIs.

Is it even possible to know which guest triggered the MSI, or is the
best you can do the set of all guests with an MSI capable device passed
through?

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel