From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Jan Beulich" <JBeulich@novell.com>
Subject: Re: Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
Date: Fri, 12 Aug 2011 14:53:44 +0100
Message-ID: <4E454C880200007800051000@nat28.tlf.novell.com>
References: <20037.10841.995717.397090@mariner.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <20037.10841.995717.397090@mariner.uk.xensource.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Tim Deegan <Tim.Deegan@citrix.com>
Cc: xen-devel@lists.xensource.com, "Xen.org security team" <security@xen.org>
List-Id: xen-devel@lists.xenproject.org

>>> On 12.08.11 at 15:27, Xen.org security team <security@xen.org> wrote:
> IMPACT
> =3D=3D=3D=3D=3D=3D
>=20
> A malicious guest administrator of a VM that has direct control of a
> PCI[E] device can cause a performance degradation, and possibly hang the
> host.
>=20
> RESOLUTION
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> This issue is resolved in changeset 23762:537ed3b74b3f of
> xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg.

Do you really think this helps much? Direct control of the device means
it could also (perhaps on a second vCPU) constantly re-enable the bus
mastering bit. Preventing that would need cooperation with pciback or
filtering of subsequent config space writes directly in the hypervisor
(the latter could become difficult when mmcfg is being used by Dom0
even for base accesses).

Jan