|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
At 14:53 +0100 on 12 Aug (1313160824), Jan Beulich wrote: > > This issue is resolved in changeset 23762:537ed3b74b3f of > > xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg. > > Do you really think this helps much? Direct control of the device means > it could also (perhaps on a second vCPU) constantly re-enable the bus > mastering bit. That path goes through qemu/pciback, so at least lets Xen schedule the dom0 tools. The particular failure that this patch fixes was locking up cpu0 so hard that it couldn't even service softirqs, and the NMI watchdog rebooted the machine. But you're right that this doesn't really fix the non-fatal performance degradation. There are probably a lot more ways that a malicious VM with a PCI device could degrade performance, even just by aggressively DMAing to consume bus cycles. I think the best Xen can do is give dom0 a chance to shut down misbehaving guests. Cheers, Tim. -- Tim Deegan <tim@xxxxxxx> Principal Software Engineer, Xen Platform Team Citrix Systems UK Ltd. (Company #02937203, SL9 0BG) _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |