|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
>>> On 12.08.11 at 15:27, Xen.org security team <security@xxxxxxx> wrote: > IMPACT > ====== > > A malicious guest administrator of a VM that has direct control of a > PCI[E] device can cause a performance degradation, and possibly hang the > host. > > RESOLUTION > ========== > > This issue is resolved in changeset 23762:537ed3b74b3f of > xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg. Do you really think this helps much? Direct control of the device means it could also (perhaps on a second vCPU) constantly re-enable the bus mastering bit. Preventing that would need cooperation with pciback or filtering of subsequent config space writes directly in the hypervisor (the latter could become difficult when mmcfg is being used by Dom0 even for base accesses). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |