All of lore.kernel.org
 help / color / mirror / Atom feed
From: Xen.org security team <security@xen.org>
To: xen-devel@lists.xensource.com
Subject: Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
Date: Fri, 12 Aug 2011 14:27:53 +0100	[thread overview]
Message-ID: <20037.10841.995717.397090@mariner.uk.xensource.com> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2011-3131 / XSA-5

        Xen DoS using IOMMU faults from PCI-passthrough guest


ISSUE DESCRIPTION
=================

A VM that controls a PCI[E] device directly can cause it to issue
DMA requests to invalid addresses.  Although these requests are
denied by the IOMMU, the hypervisor needs to handle the interrupt
and clear the error from the IOMMU, and this can be used to
live-lock a CPU and potentially hang the host.

Because this issue has already been discussed on public mailing lists,
there is no embargo on this advisory or the patches.

VULNERABLE SYSTEMS
==================

Any system where an untrusted VM is given direct control of a PCI[E] 
device is vulnerable. 

IMPACT
======

A malicious guest administrator of a VM that has direct control of a
PCI[E] device can cause a performance degradation, and possibly hang the
host.

RESOLUTION
==========

This issue is resolved in changeset 23762:537ed3b74b3f of
xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJORSmkAAoJEIP+FMlX6CvZYDcIAKsgu6vDOG5Lz8/DLl48N/zg
KqPzbhW1XMm1b67un5r/bsWnuS9/z/jD8PEzybqLbS8RHwKE9XoXrJqx0Xz/Z+32
oJslxQjIzESlCf20QoNlOuPp6WgbsWGWKac+UO2r2CVtyx38L9P13OyRgzRzcoOn
eFAGB0iccr0gtWXsP2eK9MHhkGNk0yS1qJoI1XPp6DefREypUTDZOVzmgOOUuR+N
1OOUsGhdNt5mKjD/9hP7qDt6gs7EbvRrD8AHI72x4Sv9toy3i8qPO7o2PJH+X9r6
KObhbxkqgSwRaLjM+CIzFlmXXwD9GHSnzPWUO6LqAQPO6QdkUCpFSXwFRdy1H/0=
=qeJB
-----END PGP SIGNATURE-----

             reply	other threads:[~2011-08-12 13:27 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-12 13:27 Xen.org security team [this message]
2011-08-12 13:53 ` Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock Jan Beulich
2011-08-12 14:09   ` Tim Deegan
2011-08-12 14:48     ` Jan Beulich
2011-08-15  9:26       ` Tim Deegan
2011-08-15 10:02         ` Jan Beulich
2011-08-16  7:03         ` Jan Beulich
2011-08-16 15:06           ` Tim Deegan
2011-08-16 15:59             ` Jan Beulich
2011-09-21  0:07               ` Kay, Allen M
2011-09-21  6:47                 ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20037.10841.995717.397090@mariner.uk.xensource.com \
    --to=security@xen.org \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.