From: Xen.org security team
Subject: Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock
Date: Fri, 12 Aug 2011 14:27:53 +0100
Message-ID: <20037.10841.995717.397090@mariner.uk.xensource.com>
To: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Xen Security Advisory CVE-2011-3131 / XSA-5

Xen DoS using IOMMU faults from PCI-passthrough guest

ISSUE DESCRIPTION
=================

A VM that controls a PCI[E] device directly can cause it to issue DMA
requests to invalid addresses. Although these requests are denied by
the IOMMU, the hypervisor needs to handle the interrupt and clear the
error from the IOMMU, and this can be used to live-lock a CPU and
potentially hang the host.

Because this issue has already been discussed on public mailing lists,
there is no embargo on this advisory or the patches.

VULNERABLE SYSTEMS
==================

Any system where an untrusted VM is given direct control of a PCI[E]
device is vulnerable.

IMPACT
======

A malicious guest administrator of a VM that has direct control of a
PCI[E] device can cause a performance degradation, and possibly hang
the host.

RESOLUTION
==========

This issue is resolved in changeset 23762:537ed3b74b3f of
xen-unstable.hg, and 23112:84e3706df07a of xen-4.1-testing.hg.
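To find guests that match the VULNERABLE SYSTEMS criterion above, the following added example (not part of the advisory or of Xen) lists guests whose configuration assigns a PCI device and that are not on an operator-supplied trusted list. It assumes guest configs use the Python-style `pci = [ ... ]` list of xm/xl config files; the guest names, device addresses and the `trusted` set are constructed.

```python
import ast
import re


def passthrough_devices(cfg_text):
    """Return the PCI addresses assigned by `pci = ...` in one guest config."""
    devices = []
    for node in ast.parse(cfg_text).body:  # parsed only, never executed
        if not isinstance(node, ast.Assign):
            continue
        if "pci" not in [t.id for t in node.targets if isinstance(t, ast.Name)]:
            continue
        try:
            value = ast.literal_eval(node.value)
        except ValueError:
            continue  # non-literal right-hand side: nothing we can read safely
        if isinstance(value, str):
            value = [value]
        for entry in value:
            # Entries look like 'BDF', 'BDF@VSLOT' or 'BDF,key=value'; keep the BDF.
            devices.append(re.split(r"[@,]", str(entry))[0].strip())
    return devices


def audit(configs, trusted=()):
    """Map guest name -> assigned devices for guests not listed as trusted."""
    exposed = {}
    for name, text in configs.items():
        try:
            devs = passthrough_devices(text)
        except SyntaxError:
            devs = ["<unparsed config: review manually>"]
        if devs and name not in trusted:
            exposed[name] = devs
    return exposed


# Constructed sample configs (assumption: one config text per guest name).
SAMPLE = {
    "web01": 'name = "web01"\npci = [ "01:00.0", "0000:03:00.1,msitranslate=1" ]\n',
    "db01": 'name = "db01"\nmemory = 2048\n# pci = [ "02:00.0" ]\n',
    "storage": 'name = "storage"\npci = [ "04:00.0" ]\n',
}

if __name__ == "__main__":
    for guest, devs in audit(SAMPLE, trusted={"storage"}).items():
        print(guest, "has direct control of", ", ".join(devs))
```

Guests it reports are the ones to move onto a hypervisor build containing the changesets named under RESOLUTION, or to strip of passthrough devices until then.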