From: Ian Jackson <Ian.Jackson@eu.citrix.com>
To: "Cihula, Joseph" <joseph.cihula@intel.com>
Cc: Ian Campbell <Ian.Campbell@eu.citrix.com>,
"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Tim Deegan <Tim.Deegan@citrix.com>
Subject: RE: Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI
Date: Tue, 24 May 2011 17:56:40 +0100 [thread overview]
Message-ID: <19931.58184.270083.947086@mariner.uk.xensource.com> (raw)
In-Reply-To: <4F65016F6CB04E49BFFA15D4F7B798D901B77B5973@orsmsx506.amr.corp.intel.com>
Cihula, Joseph writes ("RE: [Xen-devel] Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI"):
> Why do you *need* IR to have a secure Xen w/ TXT? Certainly a DoS
> is very undesirable, but that is not really a security issue.
I'm afraid that a DoS is very much a security issue.
> Tell me what security exploits are still possible with the current
> patches.
As I understand it, a DoS (host crash) is still possible.
> If someone can present a security issue that TXT
I don't understand the contribution of TXT to this. The issue is with
running untrusted guest kernels. Necessarily an untrusted guest
kernel isn't checked by TXT; that's what "untrusted guest kernel"
means.
Ian.
next prev parent reply other threads:[~2011-05-24 16:56 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-17 7:42 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI Jan Beulich
2011-05-17 22:52 ` Cihula, Joseph
2011-05-18 8:54 ` Ian Campbell
2011-05-19 20:48 ` Cihula, Joseph
2011-05-20 10:17 ` Tim Deegan
2011-05-20 16:02 ` Cihula, Joseph
2011-05-22 18:14 ` Tim Deegan
2011-05-23 21:35 ` Cihula, Joseph
2011-05-24 9:03 ` Tim Deegan
2011-05-24 16:56 ` Ian Jackson [this message]
2011-05-24 19:23 ` Cihula, Joseph
2011-05-25 10:13 ` Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI [and 2 more messages] Ian Jackson
2011-06-01 18:06 ` Cihula, Joseph
2011-05-25 10:46 ` Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI Alan Cox
2011-05-20 17:19 ` Ian Jackson
2011-05-22 18:15 ` Tim Deegan
2011-05-23 9:02 ` Ian Campbell
2011-05-24 15:15 ` Ian Jackson
2011-05-24 15:57 ` Keir Fraser
2011-05-24 16:16 ` Ian Pratt
2011-05-24 17:14 ` Ian Jackson
2011-05-24 19:35 ` Cihula, Joseph
-- strict thread matches above, loose matches on Subject: below --
2011-05-12 13:48 Ian Jackson
2011-05-12 13:49 ` Ian Jackson
2011-05-13 8:08 ` Jan Beulich
2011-05-13 11:08 ` Joanna Rutkowska
2011-05-13 11:11 ` Ian Campbell
2011-05-13 11:20 ` Joanna Rutkowska
2011-05-13 12:34 ` Jan Beulich
2011-05-13 12:29 ` Jan Beulich
2011-05-13 12:50 ` Tim Deegan
2011-05-13 10:25 ` Ian Campbell
2011-05-16 21:34 ` Cihula, Joseph
2011-05-18 8:53 ` Ian Campbell
2011-05-18 10:03 ` Keir Fraser
2011-05-18 10:06 ` Ian Campbell
2011-05-13 17:32 ` Joanna Rutkowska
2011-05-13 17:35 ` Joanna Rutkowska
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19931.58184.270083.947086@mariner.uk.xensource.com \
--to=ian.jackson@eu.citrix.com \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Tim.Deegan@citrix.com \
--cc=joseph.cihula@intel.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.