WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthro

from [Joanna Rutkowska] [Permanent Link][Original]
To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 13 May 2011 13:20:45 +0200
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxxxx>
Delivery-date: Fri, 13 May 2011 04:19:40 -0700
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:references:in-reply-to:content-type; s=smtpout; bh=ZsjlEBImK5byxxzLcftxGQwpvDU=; b=T8hWnBZrx1Ok7J8SxYsqsjc3JW7MgupXC8B550dbVq0YsW83uxWIocu7gRo+wVZtEpFSZKZrgvkSGuqrN7w3JSE8dA4jyhWjjb5K7WR6dbu1aV1qqQ2VTWExBuO/dkNZhQ303tEtouRsqyEp4lQczCqbuhaKNj3NIpkp3iuN9wQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1305285108.31488.105.camel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <19915.58644.191837.671729@xxxxxxxxxxxxxxxxxxxxxxxx> <4DCD030902000078000412C8@xxxxxxxxxxxxxxxxxx> <4DCD1120.5020606@xxxxxxxxxxxxxxxxxxxxxx> <1305285108.31488.105.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110421 Fedora/3.1.9-2.fc14 Lightning/1.0b3pre Thunderbird/3.1.9 
On 05/13/11 13:11, Ian Campbell wrote:
> On Fri, 2011-05-13 at 12:08 +0100, Joanna Rutkowska wrote:
>> On 05/13/11 10:08, Jan Beulich wrote:
> 
>>> Finally, wouldn't killing all guests that potentially could have caused
>>> the problem be a better measure than bringing down the host?
>>>
>>
>> Killing the guest might no longer be enough, because the guest might
>> have already programmed the device to keep sending malicious MSIs.
> 
> Is it even possible to know which guest triggered the MSI, or is the
> best you can do the set of all guests with an MSI capable device passed
> through?
> 

Ah, probably you're right -- if we have more than one driver domain,
then I think LAPIC would not tell us which device genrated the MSI.

In fact it's not really correct to assume that it must have been a guest
with a "MSI capable device" -- note that we don't trigger the MSI via
the official MSI triggering mechanism.

joanna.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Ian Campbell
Next by Date:  Re: [Xen-users] xl block-list error., Joseph Glanville
Previous by Thread:  Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Ian Campbell
Next by Thread:  Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy