WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthro

To: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Subject: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Tue, 24 May 2011 10:03:37 +0100
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 24 May 2011 02:04:49 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4F65016F6CB04E49BFFA15D4F7B798D901B77B5973@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4DD235010200007800070074@xxxxxxxxxxxxxxxxxx> <4F65016F6CB04E49BFFA15D4F7B798D901B773E6D1@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1305708848.20907.109.camel@xxxxxxxxxxxxxxxxxxxxxx> <4F65016F6CB04E49BFFA15D4F7B798D901B77B4CAF@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20110520101715.GB27118@xxxxxxxxxxxxxxxxxxxxxxx> <4F65016F6CB04E49BFFA15D4F7B798D901B77B5016@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20110522181417.GA4990@xxxxxxxxxxxxxxxxxxxxxxx> <4F65016F6CB04E49BFFA15D4F7B798D901B77B5973@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15)
At 22:35 +0100 on 23 May (1306190138), Cihula, Joseph wrote:
> > This is exactly the behaviour we already have if you don't have an iommu at 
> > all.  The installer
> > already needs to figure out whether there's an IOMMU, or make it optional.
> > 
> > If you really want to rely on TXT and Xen to mutuallly secure each other, 
> > then as far as I can see
> > you _need_ an interrupt remapper in all your supported hardware.  That 
> > being the case, iommu=force
> 
> Let me take one more shot at this, since no one has yet refuted my
> original points.
> 
> Why do you *need* IR to have a secure Xen w/ TXT?  Certainly a DoS is
> very undesirable, but that is not really a security issue.  Tell me
> what security exploits are still possible with the current patches.

The Invisible Things paper lists a selection of possible attack vectors.  
That they only developed and disclosed one actual exploit is, AIUI, as
much a question of manpower as anything else.  I haven't seen any
analysis from Intel to suggest otherwise.

I think Ian's latest patch is the right thing to do.  But since I'm not
a maintainer of that piece of code, and since in practice the decision
will be made for most people by product and distro engineers anyway, I'm
not going to chase this thread around any more.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>