[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI

To: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Tue, 24 May 2011 17:56:40 +0100
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Delivery-date: Tue, 24 May 2011 09:57:24 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Cihula, Joseph writes ("RE: [Xen-devel] Xen security advisory CVE-2011-1898 - 
VT-d (PCI passthrough) MSI"):
> Why do you *need* IR to have a secure Xen w/ TXT?  Certainly a DoS
> is very undesirable, but that is not really a security issue.

I'm afraid that a DoS is very much a security issue.

>  Tell me what security exploits are still possible with the current
> patches.

As I understand it, a DoS (host crash) is still possible.

> If someone can present a security issue that TXT

I don't understand the contribution of TXT to this.  The issue is with
running untrusted guest kernels.  Necessarily an untrusted guest
kernel isn't checked by TXT; that's what "untrusted guest kernel"
means.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph

References:
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Jan Beulich
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Ian Campbell
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph
- Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Tim Deegan
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph
- Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Tim Deegan
- RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
  - From: Cihula, Joseph

Prev by Date: Re: [Xen-devel] tools: ocaml build error [and 1 more messages]
Next by Date: Re: [Xen-devel] [PATCH 4 of 4] libxl: Add 'e820_host' option to config file
Previous by thread: Re: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Next by thread: RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.