This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthro

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
From: Keir Fraser <keir@xxxxxxx>
Date: Tue, 24 May 2011 16:57:27 +0100
Cc: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 24 May 2011 09:12:08 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:user-agent:date:subject:from:to:cc :message-id:thread-topic:thread-index:in-reply-to:mime-version :content-type:content-transfer-encoding; bh=UFQylJtnD/h9exGNViXRNZcM5Ie427FqnCBzesCRgSA=; b=kXG6FgNPuZ4WSTHkbRArLg3zKnmVZJ4uTJKYevYm711RqlbgncQ6q8+IRUg0ntpNhk B11STHQtgHsRvU0Six0DKRqDGJnnaYRLZMiFNkbQwIgdCLun7iTUoeaWD03oXvAQyjmT MRow4Mp/FWy9mCyECTYhluMbVmUZMxb9ET++8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:cc:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=PrpZs34YQGzgV1gX9zjzbl9zMXVXYc1zpiiENCxZEOFRjDj9P/hs02nCsqNeXlseca kad6zjUWYP2mwVAbqsLsnoiL0N9nhAhjQdbGq0zPWHdjIrxGY73w0FVG0GhhcToijBSZ KfN3uGzsZ6eHLgqm9/uJfYu7HhGkJvxn7sN3s=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <19931.52091.713851.292632@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcwaK0dbB1td/JIyDE+h2p2VVYx4Zg==
Thread-topic: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
User-agent: Microsoft-Entourage/
On 24/05/2011 16:15, "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx> wrote:

> Ian Campbell writes ("Re: [Xen-devel] Xen security advisory CVE-2011-1898 -
> VT-d (PCI passthrough) MSI"):
>> IOMMU: Fail if intremap is not available and iommu=required/force.
>> Rather than sprinkling panic()s throughout the setup code hoist the check up
>> into common code.
>> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Keir, do you think we should apply this then ?

<sigh> take your pick really. Majority opinion is on the side of this
revised patch, however Intel are the primary maintainers of this code and
they clearly do not like it. If I have a casting vote here, I would be
inclined to plump in favour of the revised patch -- we already have iommu=on
as a best-effort option, and I believe iommu=force could be stronger than it
is. However Joseph's claim that the non-DoS vulns may all now be handled is
not as unconvincing as some seem to believe (and I was in that camp for a
while) -- I can't really see how the attack vector can be successfully
exploited now my mitigation patch is in the tree. So I'm not strongly
inclined one way or the other really.

 -- Keir

> Ian.
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list