This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthro

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 13 May 2011 13:20:45 +0200
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxxxx>
Delivery-date: Fri, 13 May 2011 04:19:40 -0700
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:references:in-reply-to:content-type; s=smtpout; bh=ZsjlEBImK5byxxzLcftxGQwpvDU=; b=T8hWnBZrx1Ok7J8SxYsqsjc3JW7MgupXC8B550dbVq0YsW83uxWIocu7gRo+wVZtEpFSZKZrgvkSGuqrN7w3JSE8dA4jyhWjjb5K7WR6dbu1aV1qqQ2VTWExBuO/dkNZhQ303tEtouRsqyEp4lQczCqbuhaKNj3NIpkp3iuN9wQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1305285108.31488.105.camel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <19915.58644.191837.671729@xxxxxxxxxxxxxxxxxxxxxxxx> <4DCD030902000078000412C8@xxxxxxxxxxxxxxxxxx> <4DCD1120.5020606@xxxxxxxxxxxxxxxxxxxxxx> <1305285108.31488.105.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110421 Fedora/3.1.9-2.fc14 Lightning/1.0b3pre Thunderbird/3.1.9
On 05/13/11 13:11, Ian Campbell wrote:
> On Fri, 2011-05-13 at 12:08 +0100, Joanna Rutkowska wrote:
>> On 05/13/11 10:08, Jan Beulich wrote:
>>> Finally, wouldn't killing all guests that potentially could have caused
>>> the problem be a better measure than bringing down the host?
>> Killing the guest might no longer be enough, because the guest might
>> have already programmed the device to keep sending malicious MSIs.
> Is it even possible to know which guest triggered the MSI, or is the
> best you can do the set of all guests with an MSI capable device passed
> through?

Ah, probably you're right -- if we have more than one driver domain,
then I think LAPIC would not tell us which device genrated the MSI.

In fact it's not really correct to assume that it must have been a guest
with a "MSI capable device" -- note that we don't trigger the MSI via
the official MSI triggering mechanism.


Attachment: signature.asc
Description: OpenPGP digital signature

Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>