This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock

To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
From: Tim Deegan <tim@xxxxxxx>
Date: Fri, 12 Aug 2011 15:09:01 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "Xen.org security team" <security@xxxxxxx>
Delivery-date: Fri, 12 Aug 2011 07:10:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4E454C880200007800051000@xxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20037.10841.995717.397090@xxxxxxxxxxxxxxxxxxxxxxxx> <4E454C880200007800051000@xxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/
At 14:53 +0100 on 12 Aug (1313160824), Jan Beulich wrote:
> > This issue is resolved in changeset 23762:537ed3b74b3f of
> > xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg.
> Do you really think this helps much? Direct control of the device means
> it could also (perhaps on a second vCPU) constantly re-enable the bus
> mastering bit. 

That path goes through qemu/pciback, so at least lets Xen schedule the
dom0 tools.  The particular failure that this patch fixes was locking up
cpu0 so hard that it couldn't even service softirqs, and the NMI
watchdog rebooted the machine.

But you're right that this doesn't really fix the non-fatal performance
degradation.  There are probably a lot more ways that a malicious VM
with a PCI device could degrade performance, even just by aggressively
DMAing to consume bus cycles.  I think the best Xen can do is give dom0
a chance to shut down misbehaving guests.



Tim Deegan <tim@xxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

Xen-devel mailing list