From: Joanna Rutkowska <joanna@invisiblethingslab.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>,
"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Keir Fraser <keir@xen.org>, Jan Beulich <JBeulich@novell.com>
Subject: Re: Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Date: Fri, 13 May 2011 13:20:45 +0200 [thread overview]
Message-ID: <4DCD140D.9000108@invisiblethingslab.com> (raw)
In-Reply-To: <1305285108.31488.105.camel@zakaz.uk.xensource.com>
[-- Attachment #1.1: Type: text/plain, Size: 952 bytes --]
On 05/13/11 13:11, Ian Campbell wrote:
> On Fri, 2011-05-13 at 12:08 +0100, Joanna Rutkowska wrote:
>> On 05/13/11 10:08, Jan Beulich wrote:
>
>>> Finally, wouldn't killing all guests that potentially could have caused
>>> the problem be a better measure than bringing down the host?
>>>
>>
>> Killing the guest might no longer be enough, because the guest might
>> have already programmed the device to keep sending malicious MSIs.
>
> Is it even possible to know which guest triggered the MSI, or is the
> best you can do the set of all guests with an MSI capable device passed
> through?
>
Ah, probably you're right -- if we have more than one driver domain,
then I think LAPIC would not tell us which device genrated the MSI.
In fact it's not really correct to assume that it must have been a guest
with a "MSI capable device" -- note that we don't trigger the MSI via
the official MSI triggering mechanism.
joanna.
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 518 bytes --]
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next prev parent reply other threads:[~2011-05-13 11:20 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-12 13:48 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI Ian Jackson
2011-05-12 13:49 ` Ian Jackson
2011-05-13 8:08 ` Jan Beulich
2011-05-13 11:08 ` Joanna Rutkowska
2011-05-13 11:11 ` Ian Campbell
2011-05-13 11:20 ` Joanna Rutkowska [this message]
2011-05-13 12:34 ` Jan Beulich
2011-05-13 12:29 ` Jan Beulich
2011-05-13 12:50 ` Tim Deegan
2011-05-13 10:25 ` Ian Campbell
2011-05-16 21:34 ` Cihula, Joseph
2011-05-18 8:53 ` Ian Campbell
2011-05-18 10:03 ` Keir Fraser
2011-05-18 10:06 ` Ian Campbell
2011-05-13 17:32 ` Joanna Rutkowska
2011-05-13 17:35 ` Joanna Rutkowska
-- strict thread matches above, loose matches on Subject: below --
2011-05-17 7:42 Jan Beulich
2011-05-17 22:52 ` Cihula, Joseph
2011-05-18 8:54 ` Ian Campbell
2011-05-19 20:48 ` Cihula, Joseph
2011-05-20 10:17 ` Tim Deegan
2011-05-20 16:02 ` Cihula, Joseph
2011-05-22 18:14 ` Tim Deegan
2011-05-23 21:35 ` Cihula, Joseph
2011-05-24 9:03 ` Tim Deegan
2011-05-24 16:56 ` Ian Jackson
2011-05-24 19:23 ` Cihula, Joseph
2011-05-25 10:46 ` Alan Cox
2011-05-20 17:19 ` Ian Jackson
2011-05-22 18:15 ` Tim Deegan
2011-05-23 9:02 ` Ian Campbell
2011-05-24 15:15 ` Ian Jackson
2011-05-24 15:57 ` Keir Fraser
2011-05-24 16:16 ` Ian Pratt
2011-05-24 17:14 ` Ian Jackson
2011-05-24 19:35 ` Cihula, Joseph
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DCD140D.9000108@invisiblethingslab.com \
--to=joanna@invisiblethingslab.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=JBeulich@novell.com \
--cc=keir@xen.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).