RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI

WARNING - OLD ARCHIVES

http://lists.xen.org/

To:

Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Pratt <Ian.Pratt@xxxxxxxxxxxxx>

Subject:

RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI

From:

"Cihula, Joseph" <joseph.cihula@xxxxxxxxx>

Date:

Tue, 24 May 2011 12:35:16 -0700

Accept-language:

en-US

Acceptlanguage:

en-US

Cc:

Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, Tim, Deegan <Tim.Deegan@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>

Delivery-date:

Tue, 24 May 2011 12:35:58 -0700

Envelope-to:

www-data@xxxxxxxxxxxxxxxxxxx

In-reply-to:

<19931.59237.816706.497141@xxxxxxxxxxxxxxxxxxxxxxxx>

List-help:

<mailto:xen-devel-request@lists.xensource.com?subject=help>

List-id:

Xen developer discussion <xen-devel.lists.xensource.com>

List-post:

<mailto:xen-devel@lists.xensource.com>

List-subscribe:

<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>

List-unsubscribe:

<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>

References:

<19931.52091.713851.292632@xxxxxxxxxxxxxxxxxxxxxxxx> <CA0193F7.2DA3B%keir@xxxxxxx> <4FA716B1526C7C4DB0375C6DADBC4EA3B2C2ABD055@xxxxxxxxxxxxxxxxxxxxxxxxx> <19931.59237.816706.497141@xxxxxxxxxxxxxxxxxxxxxxxx>

Sender:

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Thread-index:

AcwaNglNf8NdxHwYTJu1npm/ttLCxQAEiIFQ

Thread-topic:

[Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI

> From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx]
> Sent: Tuesday, May 24, 2011 10:14 AM
> 
> Ian Pratt writes ("RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d 
> (PCI passthrough)
> MSI"):
> > My inclination would be such that iommu=force is allowed on non IR
> > systems, but where IR is expected to be present e.g. sandybridge
> > generation we insist that it is enabled (i.e. that the BIOS supports
> > it).
> 
> I don't think that's a conceptually coherent point of view, unless the 
> purpose is to avoid
> marketing embarrassment.
> 
> Either IR is required for a secure system with passthrough, in which case 
> iommu=force should
> require IR, or it is not required for a secure system with passthrough, in 
> which case iommu=force
> should not insist on it.

None of the proposed patches check for whether passthrough is being used.  Nor 
can they check whether it is being used safely (it may be used for performance 
by domains that are trusted).

Whether IR is required for a secure system with passthrough depends on the 
usage model (as I indicated in an earlier email).  The user/distributor should 
decide whether their usage model requires it or not.  If it does, then all they 
need to do is run on HW that supports IR (and if they're worried about the 
pre-OS attack then use TXT, which would be necessary anyway).

> Whether it is required for security doesn't depend on whether it is actually 
> available.  That
> there are some motherboards which cannot do passthrough securely does not 
> mean that we should
> allow users of those boards to be led up the garden path.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: xl/xm save -c fails - set_vcpucontext EOPNOTSUPP (was Re: [Xen-devel] xl save -c issues with Windows 7 Ultimate), AP Xen

Next by Date:

Re: [Xen-devel] New 4.0.2 and 4.1.1 release candidates, Keir Fraser

Previous by Thread:

RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI, Ian Jackson

Next by Thread:

[Xen-devel] [PATCH] x86: further adjustments to arch_set_info_guest() after c/s 23142:f5e8d152a565, Jan Beulich

Indexes:

[Date] [Thread] [Top] [All Lists]