From xen-announce-bounces@lists.xen.org Mon Dec 02 17:15:37 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 02 Dec 2013 17:15:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4d-0005yu-H0; Mon, 02 Dec 2013 17:14:19 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4c-0005ya-Jb; Mon, 02 Dec 2013 17:14:18 +0000 Received: from [85.158.139.211:55566] by server-10.bemta-5.messagelabs.com id 88/21-01405-9EFBC925; Mon, 02 Dec 2013 17:14:17 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-13.tower-206.messagelabs.com!1386004455!1718903!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3742 invoked from network); 2 Dec 2013 17:14:16 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-13.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 2 Dec 2013 17:14:16 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4T-0006cM-FN; Mon, 02 Dec 2013 17:14:09 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VnX4T-0000AR-1P; Mon, 02 Dec 2013 17:14:09 +0000 Date: Mon, 02 Dec 2013 17:14:09 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue as not publicly known because it was not evident from the public sources that this erratum constitutes a vulnerability (particularly, that it was a vulnerability in relation to some Xen configurations). Since then, the fact that this CPU erratum is likely to constitute a security problem has been publicly disclosed, on the oss-security mailing list. Under the circumstances, and in accordance with the Xen Project security vulnerability policy, it has been decided that it is no longer appropriate to retain the embargo, as the key facts are now in the open. ISSUE DESCRIPTION ================= AMD CPU erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" describes a situation under which a CPU core may hang. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== The vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs. Such CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen. HVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s). Non-AMD CPUs are not vulnerable. CREDITS ======= This issue's security impact was discovered by Jan Beulich. MITIGATION ========== This issue can be avoided by neither running HVM guests, nor assigning PCI devices to PV guests. RESOLUTION ========== The attached patch contains a software workaround which resolves this issue. Alternatively, the recommended workaround can be implemented in firmware, so a suitable firmware update will resolve the issue. If you require a firmware update please consult your vendor. xsa82.patch Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable $ sha256sum xsa82*.patch 0a58f3564ca91fd2668c202446c607fdb1ec8643e558a3921046d43675f58c08 xsa82.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSnL+JAAoJEIP+FMlX6CvZw6gIAKqUkevFcn14iRT7g6iiTjbw Fq9oiu/RtSmPDS/8FkAW6vdhYTe5cA6wCxUbErp/oZ6IwtlAmbZUQ2oVrfw8Tep/ G1hpLDkGLeRD4sqPB3Yj/RS8MUWlZhX3H9FwJLzhDqFaGiVAOHe3zl/OgwMFEnUx PYSxdgPeiU3gavpJcDd5JamID+wLkihXMOHFKtdziOZsEAuv2lhIBSCamOVc638m vRMtE4LbcUCv80EvvMxtrUDkt+M+TS2JfQK+09mr5/hFkyicoeEawYLgeWUbuNhj CWbcKdyat6GauvhL46NE/aWlbUqSXHc8jcIdCDM2pRK1NR86qJiMC5av5EcPjOo= =V/Az -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa82.patch" Content-Disposition: attachment; filename="xsa82.patch" Content-Transfer-Encoding: base64 eDg2L0FNRDogd29yayBhcm91bmQgZXJyYXR1bSA3OTMKClRoZSByZWNvbW1l bmRhdGlvbiBpcyB0byBzZXQgYSBiaXQgaW4gYW4gTVNSIC0gZG8gdGhpcyBp ZiB0aGUgZmlybXdhcmUKZGlkbid0LCBjb25zaWRlcmluZyB0aGF0IG90aGVy d2lzZSB3ZSBleHBvc2Ugb3Vyc2VsdmVzIHRvIGEgZ3Vlc3QKaW5kdWNlZCBE b1MuCgpUaGlzIGlzIENWRS0yMDEzLTY4ODUgLyBYU0EtODIuCgpTaWduZWQt b2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFja2Vk LWJ5OiBTdXJhdmVlIFN1dGhpa3VscGFuaXQgPHN1cmF2ZWUuc3V0aGlrdWxw YW5pdEBhbWQuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2NwdS9hbWQuYwor KysgYi94ZW4vYXJjaC94ODYvY3B1L2FtZC5jCkBAIC00NzYsNiArNDc2LDIw IEBAIHN0YXRpYyB2b2lkIF9fZGV2aW5pdCBpbml0X2FtZChzdHJ1Y3QgY3AK IAkJICAgICAgICIqKiogUGFzcyBcImFsbG93X3Vuc2FmZVwiIGlmIHlvdSdy ZSB0cnVzdGluZyIKIAkJICAgICAgICIgYWxsIHlvdXIgKFBWKSBndWVzdCBr ZXJuZWxzLiAqKipcbiIpOwogCisJaWYgKGMtPng4NiA9PSAweDE2ICYmIGMt Png4Nl9tb2RlbCA8PSAweGYpIHsKKwkJcmRtc3JsKE1TUl9BTUQ2NF9MU19D RkcsIHZhbHVlKTsKKwkJaWYgKCEodmFsdWUgJiAoMSA8PCAxNSkpKSB7CisJ CQlzdGF0aWMgYm9vbF90IHdhcm5lZDsKKworCQkJaWYgKGMgPT0gJmJvb3Rf Y3B1X2RhdGEgfHwgb3B0X2NwdV9pbmZvIHx8CisJCQkgICAgIXRlc3RfYW5k X3NldF9ib29sKHdhcm5lZCkpCisJCQkJcHJpbnRrKEtFUk5fV0FSTklORwor CQkJCSAgICAgICAiQ1BVJXU6IEFwcGx5aW5nIHdvcmthcm91bmQgZm9yIGVy cmF0dW0gNzkzXG4iLAorCQkJCSAgICAgICBzbXBfcHJvY2Vzc29yX2lkKCkp OworCQkJd3Jtc3JsKE1TUl9BTUQ2NF9MU19DRkcsIHZhbHVlIHwgKDEgPDwg MTUpKTsKKwkJfQorCX0KKwogCS8qIEFNRCBDUFVzIGRvIG5vdCBzdXBwb3J0 IFNZU0VOVEVSIG91dHNpZGUgb2YgbGVnYWN5IG1vZGUuICovCiAJY2xlYXJf Yml0KFg4Nl9GRUFUVVJFX1NFUCwgYy0+eDg2X2NhcGFiaWxpdHkpOwogCi0t LSBhL3hlbi9pbmNsdWRlL2FzbS14ODYvbXNyLWluZGV4LmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLXg4Ni9tc3ItaW5kZXguaApAQCAtMjEzLDYgKzIxMyw3 IEBACiAKIC8qIEFNRDY0IE1TUnMgKi8KICNkZWZpbmUgTVNSX0FNRDY0X05C X0NGRwkJMHhjMDAxMDAxZgorI2RlZmluZSBNU1JfQU1ENjRfTFNfQ0ZHCQkw eGMwMDExMDIwCiAjZGVmaW5lIE1TUl9BTUQ2NF9JQ19DRkcJCTB4YzAwMTEw MjEKICNkZWZpbmUgTVNSX0FNRDY0X0RDX0NGRwkJMHhjMDAxMTAyMgogI2Rl ZmluZSBBTUQ2NF9OQl9DRkdfQ0Y4X0VYVF9FTkFCTEVfQklUCTQ2Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Mon Dec 02 17:15:37 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 02 Dec 2013 17:15:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4d-0005yu-H0; Mon, 02 Dec 2013 17:14:19 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4c-0005ya-Jb; Mon, 02 Dec 2013 17:14:18 +0000 Received: from [85.158.139.211:55566] by server-10.bemta-5.messagelabs.com id 88/21-01405-9EFBC925; Mon, 02 Dec 2013 17:14:17 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-13.tower-206.messagelabs.com!1386004455!1718903!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3742 invoked from network); 2 Dec 2013 17:14:16 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-13.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 2 Dec 2013 17:14:16 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VnX4T-0006cM-FN; Mon, 02 Dec 2013 17:14:09 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VnX4T-0000AR-1P; Mon, 02 Dec 2013 17:14:09 +0000 Date: Mon, 02 Dec 2013 17:14:09 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6885 / XSA-82 version 3 Guest triggerable AMD CPU erratum may cause host hang UPDATES IN VERSION 3 ==================== Early public release. This issue was predisclosed under embargo by the Xen Project Security team, on the 27th of November. We treated the issue as not publicly known because it was not evident from the public sources that this erratum constitutes a vulnerability (particularly, that it was a vulnerability in relation to some Xen configurations). Since then, the fact that this CPU erratum is likely to constitute a security problem has been publicly disclosed, on the oss-security mailing list. Under the circumstances, and in accordance with the Xen Project security vulnerability policy, it has been decided that it is no longer appropriate to retain the embargo, as the key facts are now in the open. ISSUE DESCRIPTION ================= AMD CPU erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" describes a situation under which a CPU core may hang. IMPACT ====== A malicious guest administrator can mount a denial of service attack affecting the whole system. VULNERABLE SYSTEMS ================== The vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs. Such CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen. HVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s). Non-AMD CPUs are not vulnerable. CREDITS ======= This issue's security impact was discovered by Jan Beulich. MITIGATION ========== This issue can be avoided by neither running HVM guests, nor assigning PCI devices to PV guests. RESOLUTION ========== The attached patch contains a software workaround which resolves this issue. Alternatively, the recommended workaround can be implemented in firmware, so a suitable firmware update will resolve the issue. If you require a firmware update please consult your vendor. xsa82.patch Xen 4.1.x, Xen 4.2.x, Xen 4.3.x, xen-unstable $ sha256sum xsa82*.patch 0a58f3564ca91fd2668c202446c607fdb1ec8643e558a3921046d43675f58c08 xsa82.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSnL+JAAoJEIP+FMlX6CvZw6gIAKqUkevFcn14iRT7g6iiTjbw Fq9oiu/RtSmPDS/8FkAW6vdhYTe5cA6wCxUbErp/oZ6IwtlAmbZUQ2oVrfw8Tep/ G1hpLDkGLeRD4sqPB3Yj/RS8MUWlZhX3H9FwJLzhDqFaGiVAOHe3zl/OgwMFEnUx PYSxdgPeiU3gavpJcDd5JamID+wLkihXMOHFKtdziOZsEAuv2lhIBSCamOVc638m vRMtE4LbcUCv80EvvMxtrUDkt+M+TS2JfQK+09mr5/hFkyicoeEawYLgeWUbuNhj CWbcKdyat6GauvhL46NE/aWlbUqSXHc8jcIdCDM2pRK1NR86qJiMC5av5EcPjOo= =V/Az -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa82.patch" Content-Disposition: attachment; filename="xsa82.patch" Content-Transfer-Encoding: base64 eDg2L0FNRDogd29yayBhcm91bmQgZXJyYXR1bSA3OTMKClRoZSByZWNvbW1l bmRhdGlvbiBpcyB0byBzZXQgYSBiaXQgaW4gYW4gTVNSIC0gZG8gdGhpcyBp ZiB0aGUgZmlybXdhcmUKZGlkbid0LCBjb25zaWRlcmluZyB0aGF0IG90aGVy d2lzZSB3ZSBleHBvc2Ugb3Vyc2VsdmVzIHRvIGEgZ3Vlc3QKaW5kdWNlZCBE b1MuCgpUaGlzIGlzIENWRS0yMDEzLTY4ODUgLyBYU0EtODIuCgpTaWduZWQt b2ZmLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+CkFja2Vk LWJ5OiBTdXJhdmVlIFN1dGhpa3VscGFuaXQgPHN1cmF2ZWUuc3V0aGlrdWxw YW5pdEBhbWQuY29tPgoKLS0tIGEveGVuL2FyY2gveDg2L2NwdS9hbWQuYwor KysgYi94ZW4vYXJjaC94ODYvY3B1L2FtZC5jCkBAIC00NzYsNiArNDc2LDIw IEBAIHN0YXRpYyB2b2lkIF9fZGV2aW5pdCBpbml0X2FtZChzdHJ1Y3QgY3AK IAkJICAgICAgICIqKiogUGFzcyBcImFsbG93X3Vuc2FmZVwiIGlmIHlvdSdy ZSB0cnVzdGluZyIKIAkJICAgICAgICIgYWxsIHlvdXIgKFBWKSBndWVzdCBr ZXJuZWxzLiAqKipcbiIpOwogCisJaWYgKGMtPng4NiA9PSAweDE2ICYmIGMt Png4Nl9tb2RlbCA8PSAweGYpIHsKKwkJcmRtc3JsKE1TUl9BTUQ2NF9MU19D RkcsIHZhbHVlKTsKKwkJaWYgKCEodmFsdWUgJiAoMSA8PCAxNSkpKSB7CisJ CQlzdGF0aWMgYm9vbF90IHdhcm5lZDsKKworCQkJaWYgKGMgPT0gJmJvb3Rf Y3B1X2RhdGEgfHwgb3B0X2NwdV9pbmZvIHx8CisJCQkgICAgIXRlc3RfYW5k X3NldF9ib29sKHdhcm5lZCkpCisJCQkJcHJpbnRrKEtFUk5fV0FSTklORwor CQkJCSAgICAgICAiQ1BVJXU6IEFwcGx5aW5nIHdvcmthcm91bmQgZm9yIGVy cmF0dW0gNzkzXG4iLAorCQkJCSAgICAgICBzbXBfcHJvY2Vzc29yX2lkKCkp OworCQkJd3Jtc3JsKE1TUl9BTUQ2NF9MU19DRkcsIHZhbHVlIHwgKDEgPDwg MTUpKTsKKwkJfQorCX0KKwogCS8qIEFNRCBDUFVzIGRvIG5vdCBzdXBwb3J0 IFNZU0VOVEVSIG91dHNpZGUgb2YgbGVnYWN5IG1vZGUuICovCiAJY2xlYXJf Yml0KFg4Nl9GRUFUVVJFX1NFUCwgYy0+eDg2X2NhcGFiaWxpdHkpOwogCi0t LSBhL3hlbi9pbmNsdWRlL2FzbS14ODYvbXNyLWluZGV4LmgKKysrIGIveGVu L2luY2x1ZGUvYXNtLXg4Ni9tc3ItaW5kZXguaApAQCAtMjEzLDYgKzIxMyw3 IEBACiAKIC8qIEFNRDY0IE1TUnMgKi8KICNkZWZpbmUgTVNSX0FNRDY0X05C X0NGRwkJMHhjMDAxMDAxZgorI2RlZmluZSBNU1JfQU1ENjRfTFNfQ0ZHCQkw eGMwMDExMDIwCiAjZGVmaW5lIE1TUl9BTUQ2NF9JQ19DRkcJCTB4YzAwMTEw MjEKICNkZWZpbmUgTVNSX0FNRDY0X0RDX0NGRwkJMHhjMDAxMTAyMgogI2Rl ZmluZSBBTUQ2NF9OQl9DRkdfQ0Y4X0VYVF9FTkFCTEVfQklUCTQ2Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 10 12:59:47 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Dec 2013 12:59:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtf-0006d4-W7; Tue, 10 Dec 2013 12:58:43 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtd-0006XI-AE; Tue, 10 Dec 2013 12:58:41 +0000 Received: from [85.158.143.35:29138] by server-1.bemta-4.messagelabs.com id AE/32-02132-00017A25; Tue, 10 Dec 2013 12:58:40 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-7.tower-21.messagelabs.com!1386680318!4616381!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6930 invoked from network); 10 Dec 2013 12:58:39 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-7.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2013 12:58:39 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtV-00007D-QA; Tue, 10 Dec 2013 12:58:33 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VqMtV-0007EA-Nj; Tue, 10 Dec 2013 12:58:33 +0000 Date: Tue, 10 Dec 2013 12:58:33 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6400 / XSA-80 version 3 IOMMU TLB flushing may be inadvertently suppressed UPDATES IN VERSION 3 ==================== Public release. Corrected explanatory text to refer to the correct patch filename. ISSUE DESCRIPTION ================= An internal flag is used to temporarily suppress IOMMU TLB flushes, in order to consolidate multiple single page flushes into one wider flush. This flag is not cleared again, on certain error paths. This can result in TLB flushes not happening when they are needed. Retaining stale TLB entries could allow guests access to memory that ought to have been revoked, or grant greater access than intended. IMPACT ====== Malicious guest administrators might be able to cause host-wide denial of service, or escalate their privilege to that of the host. VULNERABLE SYSTEMS ================== Only VMs which have been assigned PCI devices can exploit the bug. Only systems using Intel VT-d are vulnerable, since the bug is in the VT-d specific code in Xen. Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not vulnerable. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests on systems supporting Intel VT-d. CREDITS ======= This issue was discovered by Jan Beulich. RESOLUTION ========== Applying the attached patch resolves this issue. xsa80.patch Xen 4.2.x, Xen 4.3.x, xen-unstable $ sha256sum xsa80*.patch d15e627c59dd48e1cacb2fbcd5e2148975daa426df1f693b991d69201c048e77 xsa80.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSpw/SAAoJEIP+FMlX6CvZu48IAIsJz4NRVXqCYl9hjtFhgfhL /V2J9T9Xp0/iNTmfP6FMu2wIZohAcosMOaZ5NXouIb50bta2mpeQhA0K0RZLEin5 2QH9rcfYYchAeQjPt72QVPH3iMTWdPXXV3HDuqXI+G+II64bonHvArtAwYxeJpWM ZwegEnxsEk2YsYk+TYGMzQws2sXygx06JxEJsE9/Q6BOJG9jnwvtRsleVDuMuBMR 6U1DdaxZohk5k1xqS5Y6udyXpJQgob7fMdwAoLWxxlb7vB3kOgzMoorVrzRZ0LcZ LmqBYxdCQRV+Tn19eE9xo1LjBr9qBS13nGDQbyIADoF85N/SmZoMycRsqunUQ2U= =rB23 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa80.patch" Content-Disposition: attachment; filename="xsa80.patch" Content-Transfer-Encoding: base64 SU9NTVU6IGNsZWFyICJkb24ndCBmbHVzaCIgb3ZlcnJpZGUgb24gZXJyb3Ig cGF0aHMKCkJvdGggeGVubWVtX2FkZF90b19waHlzbWFwKCkgYW5kIGlvbW11 X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBlYWNoIGhhdmUKYW4gZXJyb3IgcGF0 aCB0aGF0IGZhaWxzIHRvIGNsZWFyIHRoYXQgZmxhZywgdGh1cyBzdXBwcmVz c2luZyBmdXJ0aGVyCmZsdXNoZXMgb24gdGhlIHJlc3BlY3RpdmUgcENQVS4K CkluIGlvbW11X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBhbHNvIHNsaWdodGx5 IHJlLWFycmFuZ2UgY29kZSB0byBhdm9pZAp0aGUgZmFsc2UgaW1wcmVzc2lv biBvZiB0aGUgZmxhZyBpbiBxdWVzdGlvbiBiZWluZyBndWFyZGVkIGJ5IGEK ZG9tYWluJ3MgcGFnZV9hbGxvY19sb2NrLgoKVGhpcyBpcyBDVkUtMjAxMy02 NDAwIC8gWFNBLTgwLgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS5j CisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC00NjQ4LDcgKzQ2NDgsNyBA QCBzdGF0aWMgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcChzdHJ1Y3QgCiAg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0geGVubWVtX2FkZF90b19waHlz bWFwX29uY2UoZCwgeGF0cCk7CiAgICAgICAgICAgICBpZiAoIHJjIDwgMCAp Ci0gICAgICAgICAgICAgICAgcmV0dXJuIHJjOworICAgICAgICAgICAgICAg IGJyZWFrOwogCiAgICAgICAgICAgICB4YXRwLT5pZHgrKzsKICAgICAgICAg ICAgIHhhdHAtPmdwZm4rKzsKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91 Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9pb21t dS5jCkBAIC0zMDYsMTEgKzMwNiwxMSBAQCBzdGF0aWMgaW50IGlvbW11X3Bv cHVsYXRlX3BhZ2VfdGFibGUoc3RyCiB7CiAgICAgc3RydWN0IGh2bV9pb21t dSAqaGQgPSBkb21haW5faHZtX2lvbW11KGQpOwogICAgIHN0cnVjdCBwYWdl X2luZm8gKnBhZ2U7Ci0gICAgaW50IHJjOworICAgIGludCByYyA9IDA7CiAK KyAgICB0aGlzX2NwdShpb21tdV9kb250X2ZsdXNoX2lvdGxiKSA9IDE7CiAg ICAgc3Bpbl9sb2NrKCZkLT5wYWdlX2FsbG9jX2xvY2spOwogCi0gICAgdGhp c19jcHUoaW9tbXVfZG9udF9mbHVzaF9pb3RsYikgPSAxOwogICAgIHBhZ2Vf bGlzdF9mb3JfZWFjaCAoIHBhZ2UsICZkLT5wYWdlX2xpc3QgKQogICAgIHsK ICAgICAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpIHx8CkBAIC0zMjAsMTgg KzMyMCwyMCBAQCBzdGF0aWMgaW50IGlvbW11X3BvcHVsYXRlX3BhZ2VfdGFi bGUoc3RyCiAgICAgICAgICAgICByYyA9IGhkLT5wbGF0Zm9ybV9vcHMtPm1h cF9wYWdlKAogICAgICAgICAgICAgICAgIGQsIG1mbl90b19nbWZuKGQsIHBh Z2VfdG9fbWZuKHBhZ2UpKSwgcGFnZV90b19tZm4ocGFnZSksCiAgICAgICAg ICAgICAgICAgSU9NTVVGX3JlYWRhYmxlfElPTU1VRl93cml0YWJsZSk7Ci0g ICAgICAgICAgICBpZiAocmMpCi0gICAgICAgICAgICB7Ci0gICAgICAgICAg ICAgICAgc3Bpbl91bmxvY2soJmQtPnBhZ2VfYWxsb2NfbG9jayk7Ci0gICAg ICAgICAgICAgICAgaGQtPnBsYXRmb3JtX29wcy0+dGVhcmRvd24oZCk7Ci0g ICAgICAgICAgICAgICAgcmV0dXJuIHJjOwotICAgICAgICAgICAgfQorICAg ICAgICAgICAgaWYgKCByYyApCisgICAgICAgICAgICAgICAgYnJlYWs7CiAg ICAgICAgIH0KICAgICB9Ci0gICAgdGhpc19jcHUoaW9tbXVfZG9udF9mbHVz aF9pb3RsYikgPSAwOwotICAgIGlvbW11X2lvdGxiX2ZsdXNoX2FsbChkKTsK KwogICAgIHNwaW5fdW5sb2NrKCZkLT5wYWdlX2FsbG9jX2xvY2spOwotICAg IHJldHVybiAwOworICAgIHRoaXNfY3B1KGlvbW11X2RvbnRfZmx1c2hfaW90 bGIpID0gMDsKKworICAgIGlmICggIXJjICkKKyAgICAgICAgaW9tbXVfaW90 bGJfZmx1c2hfYWxsKGQpOworICAgIGVsc2UKKyAgICAgICAgaGQtPnBsYXRm b3JtX29wcy0+dGVhcmRvd24oZCk7CisKKyAgICByZXR1cm4gcmM7CiB9CiAK IAo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 10 12:59:47 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Dec 2013 12:59:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtd-0006Yn-ML; Tue, 10 Dec 2013 12:58:41 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtb-0006Uq-MF; Tue, 10 Dec 2013 12:58:40 +0000 Received: from [85.158.139.211:18165] by server-13.bemta-5.messagelabs.com id A8/22-11357-EFF07A25; Tue, 10 Dec 2013 12:58:38 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-15.tower-206.messagelabs.com!1386680316!3508789!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 2357 invoked from network); 10 Dec 2013 12:58:37 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-15.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2013 12:58:37 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtS-000071-1c; Tue, 10 Dec 2013 12:58:30 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VqMtR-0007D8-OW; Tue, 10 Dec 2013 12:58:29 +0000 Date: Tue, 10 Dec 2013 12:58:29 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 77 - Disaggregated domain management security status X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-77 version 3 Disaggregated domain management security status UPDATES IN VERSION 3 ==================== Public release. The included documentation patch now updates the xsm-flash.txt documentation rather than the Xen public headers. The advisory has been updated to reflect this. Made the warning about the documentation patch stand out more clearly. ISSUE DESCRIPTION ================= Xen supports disaggregation of various support and management functions into their own domains; this is often done for security and robustness reasons. In Xen 4.3 additional functionality was introduced to allow further disaggregation: the Xen Security Modules mechanism was enhanced to make it possible to delegate various domain control hypercalls to particular other domains, rather than only permitting use by dom0. However the several affected hypercall implementations were originally written to be used only by the totally-privileged dom0, and have not been reviewed for security when exposed to supposedly-only-semi-privileged disaggregated management domains. But such management domains are (in such a design) to be seen as potentially hostile, e.g. due to privilege escalation following exploitation of a bug in the management domain. As a result, the potential security benefits of toolstack disaggregation are not always fully realised. This constitutes a breach of the enhanced security promises implied by the Xen APIs in Xen in 4.3 and later. The affected hypercalls are: __HYPERVISOR_domctl: The majority of the XEN_DOMCTL_* subops are affected. Exceptions are listed below. __HYPERVISOR_sysctl: All XEN_SYSCTL_* subops are affected. __HYPERVISOR_memory_op: A small number of XENMEM_* subops are affected. See below. __HYPERVISOR_tmem_op: All TMEMC_* sub-subops of the TMEM_CONTROL subop are affected. The majority of the domctls are subject to this issue. Prior to 4.3, only the following domctls were disaggregatable, and they are NOT affected by these problems: XEN_DOMCTL_ioport_mapping XEN_DOMCTL_bind_pt_irq XEN_DOMCTL_memory_mapping XEN_DOMCTL_unbind_pt_irq The implementations of these were written with semi-trusted callers in mind. Only the following memory op subops are affected: XENMEM_set_pod_target XENMEM_get_pod_target XENMEM_claim_pages The remainder of the memory ops were written with untrusted or semi-trusted callers in mind. IMPACT ====== Domains deliberately given partial management control may be able to deny service to the entire host or even escalate their privileges. As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design. VULNERABLE SYSTEMS ================== This issue is only relevant to systems which intend to increase security through the use of advanced disaggregated management techniques. This does not include systems using libxl, libvirt, xm/xend, XCP/XenServer, OpenStack or CloudStack (unless substantially modified or supplemented, as compared to versions supplied by the respective upstreams). This issue is not relevant to stub device models, driver domains, or stub xenstored. Those disaggregation techniques do not rely on granting the semi-privileged support domains access to the affected interfaces, and are believed to provide the intended security benefits. This issue is only relevant to Xen 4.3 and xen-unstable, and not to any earlier version. PROCESS FOR VULNERABILITIES IN AFFECTED INTERFACES ================================================== Until the interfaces have been properly reviewed for security against hostile callers, the Xen.org security team intends (subject of course to the permission of anyone disclosing to us) to handle these and future vulnerabilities in these interfaces in public, as if they were normal non-security-related bugs. This applies only to bugs which do no more than reduce the security of a radically disaggregated system to the security of a non-disaggregated one. Here a "radically disaggregated system" is one which uses the XSM mechanism to delegate the affected interfaces to other-than-fully-trusted domains. This policy does not apply to bugs which affect stub device models, driver domains, or stub xenstored - even if those bugs do no worse than reduce the security of such a system to one whose device models, backend drivers, or xenstore, run in dom0. The list of interfaces which are subject to the above process exception are listed in the Xen Source tree in docs/misc/xsm-flask under the heading "Security Status of dom0 disaggregation". This document is also available at http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt. We intend that currently-known problems will be publicly disclosed on the xen-devel mailing list, as normal bug reports, at the expiry of the XSA-77 embargo. In the meantime the list below may be helpful. MITIGATION ========== The issues discussed in this advisory are themselves bugs in features used for a security risk mitigation. There is no further mitigation available, beyond general measures to try to avoid parts of the system management becoming controlled by attackers. Those are the kind of measures which we expect any users of radical disaggregation to have already deployed. Switching from disaggregated to a non-disaggregated operation does NOT mitigate these vulnerabilities. Rather, it simply recategorises the vulnerability to hostile management code, regarding it "as designed"; thus it merely reclassifies these issues as "not a bug". Users and vendors of disaggregated systems should not change their configuration. The robustness benefits of disaggregation are unaffected, and (depending on system design) security benefits are likely to remain despite the vulnerabilities. RESOLUTION ========== We hope that the control interface attack surface can be reviewed and improved so that disaggregation can deliver its security benefits more fully. Patches resulting from this process will be developed in public and applied to the Xen trees as if they were ordinary bugfixes. In the meantime the attached patch will be applied to the unstable branch in order to track which interfaces are subject to this exception. This patch is purely documentary and DOES NOT resolve any issue. $ sha256sum xsa77*.patch bd9daffa8abfb05fb4a474e903dcd777352a705c1cf6e89343ea6545d545e4cb xsa77-unstable.patch $ CREDITS ======= The issues which prompted this advisory were discovered by Jan Beulich and Don Slutz. LIST OF KNOWN VULNERABILITIES ============================= **NOTE** that this is unlikely to be a complete list of problems. **NOTE** that after publication of this advisory, after the embargo ends, the advisory will no longer be updated to extend this list of vulnerabilities. See `Process for domctl vulnerabilities', above. Multiple domctls can be made, by the caller, to perform excessively long-running operations. This can result in host-wide denial of service and watchdog-induced crashes. XEN_DOMCTL_gethvmcontext_partial allows access to guest state, in particular certain pieces that are per-vCPU. If one or more of a guest's vCPU-s are offline, the space internally allocated to store each individual vCPU's state would not get fully used and, due to another bug, information from the portion that didn't get initialized may be returned back to the caller. In the course of processing the request to set register state for another PV guest's vCPU, the hypervisor updated the in memory copy of the debug register values twice - first by simply copying over the values, and in a second step through code properly verifying them. Between the two operations there are, however, other error exit paths, making it possible that unvalidated state could remain in place and be loaded when the vCPU is next scheduled to run. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSpw/NAAoJEIP+FMlX6CvZBskH/j4YsHS48A82IEez4Zn7m+m6 n2d3UjT7fAAgxvqD3YJ7gsZI0Xi4PKw4ThHmmV6ZIdE18jju9ByrcsLLA/z77sO4 eUEastK49XKQ1Him7v+XB2/zfZ2ty/grnWS9dk5r18hVQLv+KIuQoyB+/QHt3bD4 i06R6iyhE57yJiD72bTNflITioyuZybMG/MM+7Pby8OVblagNgUS3YK9Z5J246/e fWDTUsgI6c63zWRjqwBZB0vI+omr/GfNUX0e77LMnv/f/X6jwVBdNML2RDI9HDRO lWdfQQeYHQN/mK6OD5s13+qIonv3iq8wJjeRxvQpQKAnjynFu61VDnp/ghN6xnE= =lQLn -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa77-unstable.patch" Content-Disposition: attachment; filename="xsa77-unstable.patch" Content-Transfer-Encoding: base64 eGVuOiBsaXN0IGludGVyZmFjZXMgc3ViamVjdCB0byB0aGUgc2VjdXJpdHkg cHJvY2VzcyBleGNlcHRpb24gaW4gWFNBLTc3CgpMaXN0IGFsbCB0aGUgc3Vi IG9wcyBvZjoKICBfX0hZUEVSVklTT1JfZG9tY3RsCiAgX19IWVBFUlZJU09S X3N5c2N0bAogIF9fSFlQRVJWSVNPUl9tZW1vcnlfb3AKICBfX0hZUEVSVklT T1JfdG1lbV9vcAp3aGljaCBhcmUgc3ViamVjdCB0byB0aGUgcG9saWN5IGdp dmVuIGluCmh0dHA6Ly94ZW5iaXRzLnhlbi5vcmcveHNhL2Fkdmlzb3J5LTc3 Lmh0bWwKCkl0IGlzIGV4cGVjdGVkIHRoYXQgdGhlc2UgbGlzdHMgd2lsbCBi ZSB3aGl0dGxlZCBhd2F5IGFzIGVhY2ggaW50ZXJmYWNlIGlzCmF1ZGl0ZWQg Zm9yIHNhZmV0eS4KCk5ldyBpbnRlcmZhY2VzIHNob3VsZCBiZSBleHBlY3Rl ZCB0byBiZSBzYWZlIHdoZW4gaW50cm9kdWNlZCAoSU9XIHRoZSBsaXN0CnNo b3VsZCBuZXZlciBiZSBleHBhbmRlZCkuCgpUaGlzIGlzIFhTQS03Ny4KClNp Z25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJp eC5jb20+CgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNjL3hzbS1mbGFzay50eHQg Yi9kb2NzL21pc2MveHNtLWZsYXNrLnR4dAppbmRleCBmZjgxYjAxLi5kZGQ1 ODMxIDEwMDY0NAotLS0gYS9kb2NzL21pc2MveHNtLWZsYXNrLnR4dAorKysg Yi9kb2NzL21pc2MveHNtLWZsYXNrLnR4dApAQCAtMTcsNiArMTcsMTg5IEBA IFNvbWUgZXhhbXBsZXMgb2Ygd2hhdCBGTEFTSyBjYW4gZG86CiBTb21lIG9m IHRoZXNlIGV4YW1wbGVzIHJlcXVpcmUgZG9tMCBkaXNhZ2dyZWdhdGlvbiB0 byBiZSB1c2VmdWwsIHNpbmNlIHRoZQogZG9tYWluIGJ1aWxkIHByb2Nlc3Mg cmVxdWlyZXMgdGhlIGFiaWxpdHkgdG8gd3JpdGUgdG8gdGhlIG5ldyBkb21h aW4ncyBtZW1vcnkuCiAKK1NlY3VyaXR5IFN0YXR1cyBvZiBkb20wIGRpc2Fn Z3JlZ2F0aW9uCistLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLQorCitYZW4gc3VwcG9ydHMgZGlzYWdncmVnYXRpb24gb2YgdmFyaW91 cyBzdXBwb3J0IGFuZCBtYW5hZ2VtZW50CitmdW5jdGlvbnMgaW50byB0aGVp ciBvd24gZG9tYWlucywgdmlhIHRoZSBYU00gbWVjaGFuaXNtcyBkZXNjcmli ZWQgaW4KK3RoaXMgZG9jdW1lbnQuCisKK0hvd2V2ZXIgdGhlIGltcGxlbWVu dGF0aW9ucyBvZiB0aGVzZSBzdXBwb3J0IGFuZCBtYW5hZ2VtZW50IGludGVy ZmFjZXMKK3dlcmUgb3JpZ2luYWxseSB3cml0dGVuIHRvIGJlIHVzZWQgb25s eSBieSB0aGUgdG90YWxseS1wcml2aWxlZ2VkCitkb20wLCBhbmQgaGF2ZSBu b3QgYmVlbiByZXZpZXdlZCBmb3Igc2VjdXJpdHkgd2hlbiBleHBvc2VkIHRv CitzdXBwb3NlZGx5LW9ubHktc2VtaS1wcml2aWxlZ2VkIGRpc2FnZ3JlZ2F0 ZWQgbWFuYWdlbWVudCBkb21haW5zLiAgQnV0CitzdWNoIG1hbmFnZW1lbnQg ZG9tYWlucyBhcmUgKGluIHN1Y2ggYSBkZXNpZ24pIHRvIGJlIHNlZW4gYXMK K3BvdGVudGlhbGx5IGhvc3RpbGUsIGUuZy4gZHVlIHRvIHByaXZpbGVnZSBl c2NhbGF0aW9uIGZvbGxvd2luZworZXhwbG9pdGF0aW9uIG9mIGEgYnVnIGlu IHRoZSBtYW5hZ2VtZW50IGRvbWFpbi4KKworVW50aWwgdGhlIGludGVyZmFj ZXMgaGF2ZSBiZWVuIHByb3Blcmx5IHJldmlld2VkIGZvciBzZWN1cml0eSBh Z2FpbnN0Citob3N0aWxlIGNhbGxlcnMsIHRoZSBYZW4ub3JnIHNlY3VyaXR5 IHRlYW0gaW50ZW5kcyAoc3ViamVjdCBvZiBjb3Vyc2UKK3RvIHRoZSBwZXJt aXNzaW9uIG9mIGFueW9uZSBkaXNjbG9zaW5nIHRvIHVzKSB0byBoYW5kbGUg dGhlc2UgYW5kCitmdXR1cmUgdnVsbmVyYWJpbGl0aWVzIGluIHRoZXNlIGlu dGVyZmFjZXMgaW4gcHVibGljLCBhcyBpZiB0aGV5IHdlcmUKK25vcm1hbCBu b24tc2VjdXJpdHktcmVsYXRlZCBidWdzLgorCitUaGlzIGFwcGxpZXMgb25s eSB0byBidWdzIHdoaWNoIGRvIG5vIG1vcmUgdGhhbiByZWR1Y2UgdGhlIHNl Y3VyaXR5IG9mCithIHJhZGljYWxseSBkaXNhZ2dyZWdhdGVkIHN5c3RlbSB0 byB0aGUgc2VjdXJpdHkgb2YgYQorbm9uLWRpc2FnZ3JlZ2F0ZWQgb25lLiAg SGVyZSBhICJyYWRpY2FsbHkgZGlzYWdncmVnYXRlZCBzeXN0ZW0iIGlzIG9u ZQord2hpY2ggdXNlcyB0aGUgWFNNIG1lY2hhbmlzbSB0byBkZWxlZ2F0ZSB0 aGUgYWZmZWN0ZWQgaW50ZXJmYWNlcyB0bworb3RoZXItdGhhbi1mdWxseS10 cnVzdGVkIGRvbWFpbnMuCisKK1RoaXMgcG9saWN5IGRvZXMgbm90IGFwcGx5 IHRvIGJ1Z3Mgd2hpY2ggYWZmZWN0IHN0dWIgZGV2aWNlIG1vZGVscywKK2Ry aXZlciBkb21haW5zLCBvciBzdHViIHhlbnN0b3JlZCAtIGV2ZW4gaWYgdGhv c2UgYnVncyBkbyBubyB3b3JzZQordGhhbiByZWR1Y2UgdGhlIHNlY3VyaXR5 IG9mIHN1Y2ggYSBzeXN0ZW0gdG8gb25lIHdob3NlIGRldmljZSBtb2RlbHMs CitiYWNrZW5kIGRyaXZlcnMsIG9yIHhlbnN0b3JlLCBydW4gaW4gZG9tMC4K KworRm9yIG1vcmUgaW5mb3JtYXRpb24gc2VlIGh0dHA6Ly94ZW5iaXRzLnhl bi5vcmcveHNhL2Fkdmlzb3J5LTc3Lmh0bWwuCisKK1RoZSBmb2xsb3dpbmcg aW50ZXJmYWNlcyBhcmUgY292ZXJlZCBieSB0aGlzIHN0YXRlbWVudC4gIElu dGVyZmFjZXMKK25vdCBsaXN0ZWQgaGVyZSBhcmUgY29uc2lkZXJlZCBzYWZl IGZvciBkaXNhZ2dyZWdhdGlvbiwgc2VjdXJpdHkKK2lzc3VlcyBmb3VuZCBp biBpbnRlcmZhY2VzIG5vdCBsaXN0ZWQgaGVyZSB3aWxsIGJlIGhhbmRsZWQg YWNjb3JkaW5nCit0byB0aGUgbm9ybWFsIHNlY3VyaXR5IHByb2JsZW0gcmVz cG9uc2UgcG9saWN5CitodHRwOi8vd3d3LnhlbnByb2plY3Qub3JnL3NlY3Vy aXR5LXBvbGljeS5odG1sLgorCitfX0hZUEVSVklTT1JfZG9tY3RsICh4ZW4v aW5jbHVkZS9wdWJsaWMvZG9tY3RsLmgpCisKKyBUaGUgZm9sbG93aW5nIHN1 Ym9wcyBhcmUgY292ZXJlZCBieSB0aGlzIHN0YXRlbWVudC4gc3Vib3BzIG5v dCBsaXN0ZWQKKyBoZXJlIGFyZSBjb25zaWRlcmVkIHNhZmUgZm9yIGRpc2Fn Z3JlZ2F0aW9uLgorCisgKiBYRU5fRE9NQ1RMX2NyZWF0ZWRvbWFpbgorICog WEVOX0RPTUNUTF9kZXN0cm95ZG9tYWluCisgKiBYRU5fRE9NQ1RMX3BhdXNl ZG9tYWluCisgKiBYRU5fRE9NQ1RMX3VucGF1c2Vkb21haW4KKyAqIFhFTl9E T01DVExfZ2V0ZG9tYWluaW5mbworICogWEVOX0RPTUNUTF9nZXRtZW1saXN0 CisgKiBYRU5fRE9NQ1RMX2dldHBhZ2VmcmFtZWluZm8KKyAqIFhFTl9ET01D VExfZ2V0cGFnZWZyYW1laW5mbzIKKyAqIFhFTl9ET01DVExfc2V0dmNwdWFm ZmluaXR5CisgKiBYRU5fRE9NQ1RMX3NoYWRvd19vcAorICogWEVOX0RPTUNU TF9tYXhfbWVtCisgKiBYRU5fRE9NQ1RMX3NldHZjcHVjb250ZXh0CisgKiBY RU5fRE9NQ1RMX2dldHZjcHVjb250ZXh0CisgKiBYRU5fRE9NQ1RMX2dldHZj cHVpbmZvCisgKiBYRU5fRE9NQ1RMX21heF92Y3B1cworICogWEVOX0RPTUNU TF9zY2hlZHVsZXJfb3AKKyAqIFhFTl9ET01DVExfc2V0ZG9tYWluaGFuZGxl CisgKiBYRU5fRE9NQ1RMX3NldGRlYnVnZ2luZworICogWEVOX0RPTUNUTF9p cnFfcGVybWlzc2lvbgorICogWEVOX0RPTUNUTF9pb21lbV9wZXJtaXNzaW9u CisgKiBYRU5fRE9NQ1RMX2lvcG9ydF9wZXJtaXNzaW9uCisgKiBYRU5fRE9N Q1RMX2h5cGVyY2FsbF9pbml0CisgKiBYRU5fRE9NQ1RMX2FyY2hfc2V0dXAK KyAqIFhFTl9ET01DVExfc2V0dGltZW9mZnNldAorICogWEVOX0RPTUNUTF9n ZXR2Y3B1YWZmaW5pdHkKKyAqIFhFTl9ET01DVExfcmVhbF9tb2RlX2FyZWEK KyAqIFhFTl9ET01DVExfcmVzdW1lZG9tYWluCisgKiBYRU5fRE9NQ1RMX3Nl bmR0cmlnZ2VyCisgKiBYRU5fRE9NQ1RMX3N1YnNjcmliZQorICogWEVOX0RP TUNUTF9nZXRodm1jb250ZXh0CisgKiBYRU5fRE9NQ1RMX3NldGh2bWNvbnRl eHQKKyAqIFhFTl9ET01DVExfc2V0X2FkZHJlc3Nfc2l6ZQorICogWEVOX0RP TUNUTF9nZXRfYWRkcmVzc19zaXplCisgKiBYRU5fRE9NQ1RMX2Fzc2lnbl9k ZXZpY2UKKyAqIFhFTl9ET01DVExfcGluX21lbV9jYWNoZWF0dHIKKyAqIFhF Tl9ET01DVExfc2V0X2V4dF92Y3B1Y29udGV4dAorICogWEVOX0RPTUNUTF9n ZXRfZXh0X3ZjcHVjb250ZXh0CisgKiBYRU5fRE9NQ1RMX3NldF9vcHRfZmVh dHVyZQorICogWEVOX0RPTUNUTF90ZXN0X2Fzc2lnbl9kZXZpY2UKKyAqIFhF Tl9ET01DVExfc2V0X3RhcmdldAorICogWEVOX0RPTUNUTF9kZWFzc2lnbl9k ZXZpY2UKKyAqIFhFTl9ET01DVExfc2V0X2NwdWlkCisgKiBYRU5fRE9NQ1RM X2dldF9kZXZpY2VfZ3JvdXAKKyAqIFhFTl9ET01DVExfc2V0X21hY2hpbmVf YWRkcmVzc19zaXplCisgKiBYRU5fRE9NQ1RMX2dldF9tYWNoaW5lX2FkZHJl c3Nfc2l6ZQorICogWEVOX0RPTUNUTF9zdXBwcmVzc19zcHVyaW91c19wYWdl X2ZhdWx0cworICogWEVOX0RPTUNUTF9kZWJ1Z19vcAorICogWEVOX0RPTUNU TF9nZXRodm1jb250ZXh0X3BhcnRpYWwKKyAqIFhFTl9ET01DVExfbWVtX2V2 ZW50X29wCisgKiBYRU5fRE9NQ1RMX21lbV9zaGFyaW5nX29wCisgKiBYRU5f RE9NQ1RMX2Rpc2FibGVfbWlncmF0ZQorICogWEVOX0RPTUNUTF9nZXR0c2Np bmZvCisgKiBYRU5fRE9NQ1RMX3NldHRzY2luZm8KKyAqIFhFTl9ET01DVExf Z2V0cGFnZWZyYW1laW5mbzMKKyAqIFhFTl9ET01DVExfc2V0dmNwdWV4dHN0 YXRlCisgKiBYRU5fRE9NQ1RMX2dldHZjcHVleHRzdGF0ZQorICogWEVOX0RP TUNUTF9zZXRfYWNjZXNzX3JlcXVpcmVkCisgKiBYRU5fRE9NQ1RMX2F1ZGl0 X3AybQorICogWEVOX0RPTUNUTF9zZXRfdmlycV9oYW5kbGVyCisgKiBYRU5f RE9NQ1RMX3NldF9icm9rZW5fcGFnZV9wMm0KKyAqIFhFTl9ET01DVExfc2V0 bm9kZWFmZmluaXR5CisgKiBYRU5fRE9NQ1RMX2dldG5vZGVhZmZpbml0eQor ICogWEVOX0RPTUNUTF9zZXRfbWF4X2V2dGNobgorICogWEVOX0RPTUNUTF9n ZGJzeF9ndWVzdG1lbWlvCisgKiBYRU5fRE9NQ1RMX2dkYnN4X3BhdXNldmNw dQorICogWEVOX0RPTUNUTF9nZGJzeF91bnBhdXNldmNwdQorICogWEVOX0RP TUNUTF9nZGJzeF9kb21zdGF0dXMKKworX19IWVBFUlZJU09SX3N5c2N0bCAo eGVuL2luY2x1ZGUvcHVibGljL3N5c2N0bC5oKQorCisgVGhlIGZvbGxvd2lu ZyBzdWJvcHMgYXJlIGNvdmVyZWQgYnkgdGhpcyBzdGF0ZW1lbnQuIHN1Ym9w cyBub3QgbGlzdGVkCisgaGVyZSBhcmUgY29uc2lkZXJlZCBzYWZlIGZvciBk aXNhZ2dyZWdhdGlvbi4KKworICogWEVOX1NZU0NUTF9yZWFkY29uc29sZQor ICogWEVOX1NZU0NUTF90YnVmX29wCisgKiBYRU5fU1lTQ1RMX3BoeXNpbmZv CisgKiBYRU5fU1lTQ1RMX3NjaGVkX2lkCisgKiBYRU5fU1lTQ1RMX3BlcmZj X29wCisgKiBYRU5fU1lTQ1RMX2dldGRvbWFpbmluZm9saXN0CisgKiBYRU5f U1lTQ1RMX2RlYnVnX2tleXMKKyAqIFhFTl9TWVNDVExfZ2V0Y3B1aW5mbwor ICogWEVOX1NZU0NUTF9hdmFpbGhlYXAKKyAqIFhFTl9TWVNDVExfZ2V0X3Bt c3RhdAorICogWEVOX1NZU0NUTF9jcHVfaG90cGx1ZworICogWEVOX1NZU0NU TF9wbV9vcAorICogWEVOX1NZU0NUTF9wYWdlX29mZmxpbmVfb3AKKyAqIFhF Tl9TWVNDVExfbG9ja3Byb2Zfb3AKKyAqIFhFTl9TWVNDVExfdG9wb2xvZ3lp bmZvCisgKiBYRU5fU1lTQ1RMX251bWFpbmZvCisgKiBYRU5fU1lTQ1RMX2Nw dXBvb2xfb3AKKyAqIFhFTl9TWVNDVExfc2NoZWR1bGVyX29wCisgKiBYRU5f U1lTQ1RMX2NvdmVyYWdlX29wCisKK19fSFlQRVJWSVNPUl9tZW1vcnlfb3Ag KHhlbi9pbmNsdWRlL3B1YmxpYy9tZW1vcnkuaCkKKworIFRoZSBmb2xsb3dp bmcgc3Vib3BzIGFyZSBjb3ZlcmVkIGJ5IHRoaXMgc3RhdGVtZW50LiBzdWJv cHMgbm90IGxpc3RlZAorIGhlcmUgYXJlIGNvbnNpZGVyZWQgc2FmZSBmb3Ig ZGlzYWdncmVnYXRpb24uCisKKyAqIFhFTk1FTV9zZXRfcG9kX3RhcmdldAor ICogWEVOTUVNX2dldF9wb2RfdGFyZ2V0CisgKiBYRU5NRU1fY2xhaW1fcGFn ZXMKKworX19IWVBFUlZJU09SX3RtZW1fb3AgKHhlbi9pbmNsdWRlL3B1Ymxp Yy90bWVtLmgpCisKKyBUaGUgZm9sbG93aW5nIHRtZW0gY29udHJvbCBvcHMs IHRoYXQgaXMgdGhlIHN1Yi1zdWJvcHMgb2YKKyBUTUVNX0NPTlRST0wsIGFy ZSBjb3ZlcmVkIGJ5IHRoaXMgc3RhdGVtZW50LiAKKworIE5vdGUgdGhhdCBU TUVNIGlzIGFsc28gc3ViamVjdCB0byBhIHNpbWlsYXIgcG9saWN5IGFyaXNp bmcgZnJvbQorIFhTQS0xNSBodHRwOi8vbGlzdHMueGVuLm9yZy9hcmNoaXZl cy9odG1sL3hlbi1hbm5vdW5jZS8yMDEyLTA5L21zZzAwMDA2Lmh0bWwuCisg RHVlIHRvIHRoaXMgZXhpc3RpbmcgcG9saWN5IGFsbCBUTUVNIE9wcyBhcmUg YWxyZWFkeSBzdWJqZWN0IHRvCisgcmVkdWNlZCBzZWN1cml0eSBzdXBwb3J0 LgorCisgKiBUTUVNQ19USEFXCisgKiBUTUVNQ19GUkVFWkUKKyAqIFRNRU1D X0ZMVVNICisgKiBUTUVNQ19ERVNUUk9ZCisgKiBUTUVNQ19MSVNUCisgKiBU TUVNQ19TRVRfV0VJR0hUCisgKiBUTUVNQ19TRVRfQ0FQCisgKiBUTUVNQ19T RVRfQ09NUFJFU1MKKyAqIFRNRU1DX1FVRVJZX0ZSRUVBQkxFX01CCisgKiBU TUVNQ19TQVZFX0JFR0lOCisgKiBUTUVNQ19TQVZFX0dFVF9WRVJTSU9OCisg KiBUTUVNQ19TQVZFX0dFVF9NQVhQT09MUworICogVE1FTUNfU0FWRV9HRVRf Q0xJRU5UX1dFSUdIVAorICogVE1FTUNfU0FWRV9HRVRfQ0xJRU5UX0NBUAor ICogVE1FTUNfU0FWRV9HRVRfQ0xJRU5UX0ZMQUdTCisgKiBUTUVNQ19TQVZF X0dFVF9QT09MX0ZMQUdTCisgKiBUTUVNQ19TQVZFX0dFVF9QT09MX05QQUdF UworICogVE1FTUNfU0FWRV9HRVRfUE9PTF9VVUlECisgKiBUTUVNQ19TQVZF X0dFVF9ORVhUX1BBR0UKKyAqIFRNRU1DX1NBVkVfR0VUX05FWFRfSU5WCisg KiBUTUVNQ19TQVZFX0VORAorICogVE1FTUNfUkVTVE9SRV9CRUdJTgorICog VE1FTUNfUkVTVE9SRV9QVVRfUEFHRQorICogVE1FTUNfUkVTVE9SRV9GTFVT SF9QQUdFCisKKwogCiBTZXR0aW5nIHVwIEZMQVNLCiAtLS0tLS0tLS0tLS0t LS0tCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 10 12:59:47 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Dec 2013 12:59:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtf-0006d4-W7; Tue, 10 Dec 2013 12:58:43 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtd-0006XI-AE; Tue, 10 Dec 2013 12:58:41 +0000 Received: from [85.158.143.35:29138] by server-1.bemta-4.messagelabs.com id AE/32-02132-00017A25; Tue, 10 Dec 2013 12:58:40 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-7.tower-21.messagelabs.com!1386680318!4616381!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6930 invoked from network); 10 Dec 2013 12:58:39 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-7.tower-21.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2013 12:58:39 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtV-00007D-QA; Tue, 10 Dec 2013 12:58:33 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VqMtV-0007EA-Nj; Tue, 10 Dec 2013 12:58:33 +0000 Date: Tue, 10 Dec 2013 12:58:33 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 80 (CVE-2013-6400) - IOMMU TLB flushing may be inadvertently suppressed X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-6400 / XSA-80 version 3 IOMMU TLB flushing may be inadvertently suppressed UPDATES IN VERSION 3 ==================== Public release. Corrected explanatory text to refer to the correct patch filename. ISSUE DESCRIPTION ================= An internal flag is used to temporarily suppress IOMMU TLB flushes, in order to consolidate multiple single page flushes into one wider flush. This flag is not cleared again, on certain error paths. This can result in TLB flushes not happening when they are needed. Retaining stale TLB entries could allow guests access to memory that ought to have been revoked, or grant greater access than intended. IMPACT ====== Malicious guest administrators might be able to cause host-wide denial of service, or escalate their privilege to that of the host. VULNERABLE SYSTEMS ================== Only VMs which have been assigned PCI devices can exploit the bug. Only systems using Intel VT-d are vulnerable, since the bug is in the VT-d specific code in Xen. Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not vulnerable. MITIGATION ========== This issue can be avoided by not assigning PCI devices to untrusted guests on systems supporting Intel VT-d. CREDITS ======= This issue was discovered by Jan Beulich. RESOLUTION ========== Applying the attached patch resolves this issue. xsa80.patch Xen 4.2.x, Xen 4.3.x, xen-unstable $ sha256sum xsa80*.patch d15e627c59dd48e1cacb2fbcd5e2148975daa426df1f693b991d69201c048e77 xsa80.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSpw/SAAoJEIP+FMlX6CvZu48IAIsJz4NRVXqCYl9hjtFhgfhL /V2J9T9Xp0/iNTmfP6FMu2wIZohAcosMOaZ5NXouIb50bta2mpeQhA0K0RZLEin5 2QH9rcfYYchAeQjPt72QVPH3iMTWdPXXV3HDuqXI+G+II64bonHvArtAwYxeJpWM ZwegEnxsEk2YsYk+TYGMzQws2sXygx06JxEJsE9/Q6BOJG9jnwvtRsleVDuMuBMR 6U1DdaxZohk5k1xqS5Y6udyXpJQgob7fMdwAoLWxxlb7vB3kOgzMoorVrzRZ0LcZ LmqBYxdCQRV+Tn19eE9xo1LjBr9qBS13nGDQbyIADoF85N/SmZoMycRsqunUQ2U= =rB23 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa80.patch" Content-Disposition: attachment; filename="xsa80.patch" Content-Transfer-Encoding: base64 SU9NTVU6IGNsZWFyICJkb24ndCBmbHVzaCIgb3ZlcnJpZGUgb24gZXJyb3Ig cGF0aHMKCkJvdGggeGVubWVtX2FkZF90b19waHlzbWFwKCkgYW5kIGlvbW11 X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBlYWNoIGhhdmUKYW4gZXJyb3IgcGF0 aCB0aGF0IGZhaWxzIHRvIGNsZWFyIHRoYXQgZmxhZywgdGh1cyBzdXBwcmVz c2luZyBmdXJ0aGVyCmZsdXNoZXMgb24gdGhlIHJlc3BlY3RpdmUgcENQVS4K CkluIGlvbW11X3BvcHVsYXRlX3BhZ2VfdGFibGUoKSBhbHNvIHNsaWdodGx5 IHJlLWFycmFuZ2UgY29kZSB0byBhdm9pZAp0aGUgZmFsc2UgaW1wcmVzc2lv biBvZiB0aGUgZmxhZyBpbiBxdWVzdGlvbiBiZWluZyBndWFyZGVkIGJ5IGEK ZG9tYWluJ3MgcGFnZV9hbGxvY19sb2NrLgoKVGhpcyBpcyBDVkUtMjAxMy02 NDAwIC8gWFNBLTgwLgoKU2lnbmVkLW9mZi1ieTogSmFuIEJldWxpY2ggPGpi ZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS5j CisrKyBiL3hlbi9hcmNoL3g4Ni9tbS5jCkBAIC00NjQ4LDcgKzQ2NDgsNyBA QCBzdGF0aWMgaW50IHhlbm1lbV9hZGRfdG9fcGh5c21hcChzdHJ1Y3QgCiAg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0geGVubWVtX2FkZF90b19waHlz bWFwX29uY2UoZCwgeGF0cCk7CiAgICAgICAgICAgICBpZiAoIHJjIDwgMCAp Ci0gICAgICAgICAgICAgICAgcmV0dXJuIHJjOworICAgICAgICAgICAgICAg IGJyZWFrOwogCiAgICAgICAgICAgICB4YXRwLT5pZHgrKzsKICAgICAgICAg ICAgIHhhdHAtPmdwZm4rKzsKLS0tIGEveGVuL2RyaXZlcnMvcGFzc3Rocm91 Z2gvaW9tbXUuYworKysgYi94ZW4vZHJpdmVycy9wYXNzdGhyb3VnaC9pb21t dS5jCkBAIC0zMDYsMTEgKzMwNiwxMSBAQCBzdGF0aWMgaW50IGlvbW11X3Bv cHVsYXRlX3BhZ2VfdGFibGUoc3RyCiB7CiAgICAgc3RydWN0IGh2bV9pb21t dSAqaGQgPSBkb21haW5faHZtX2lvbW11KGQpOwogICAgIHN0cnVjdCBwYWdl X2luZm8gKnBhZ2U7Ci0gICAgaW50IHJjOworICAgIGludCByYyA9IDA7CiAK KyAgICB0aGlzX2NwdShpb21tdV9kb250X2ZsdXNoX2lvdGxiKSA9IDE7CiAg ICAgc3Bpbl9sb2NrKCZkLT5wYWdlX2FsbG9jX2xvY2spOwogCi0gICAgdGhp c19jcHUoaW9tbXVfZG9udF9mbHVzaF9pb3RsYikgPSAxOwogICAgIHBhZ2Vf bGlzdF9mb3JfZWFjaCAoIHBhZ2UsICZkLT5wYWdlX2xpc3QgKQogICAgIHsK ICAgICAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpIHx8CkBAIC0zMjAsMTgg KzMyMCwyMCBAQCBzdGF0aWMgaW50IGlvbW11X3BvcHVsYXRlX3BhZ2VfdGFi bGUoc3RyCiAgICAgICAgICAgICByYyA9IGhkLT5wbGF0Zm9ybV9vcHMtPm1h cF9wYWdlKAogICAgICAgICAgICAgICAgIGQsIG1mbl90b19nbWZuKGQsIHBh Z2VfdG9fbWZuKHBhZ2UpKSwgcGFnZV90b19tZm4ocGFnZSksCiAgICAgICAg ICAgICAgICAgSU9NTVVGX3JlYWRhYmxlfElPTU1VRl93cml0YWJsZSk7Ci0g ICAgICAgICAgICBpZiAocmMpCi0gICAgICAgICAgICB7Ci0gICAgICAgICAg ICAgICAgc3Bpbl91bmxvY2soJmQtPnBhZ2VfYWxsb2NfbG9jayk7Ci0gICAg ICAgICAgICAgICAgaGQtPnBsYXRmb3JtX29wcy0+dGVhcmRvd24oZCk7Ci0g ICAgICAgICAgICAgICAgcmV0dXJuIHJjOwotICAgICAgICAgICAgfQorICAg ICAgICAgICAgaWYgKCByYyApCisgICAgICAgICAgICAgICAgYnJlYWs7CiAg ICAgICAgIH0KICAgICB9Ci0gICAgdGhpc19jcHUoaW9tbXVfZG9udF9mbHVz aF9pb3RsYikgPSAwOwotICAgIGlvbW11X2lvdGxiX2ZsdXNoX2FsbChkKTsK KwogICAgIHNwaW5fdW5sb2NrKCZkLT5wYWdlX2FsbG9jX2xvY2spOwotICAg IHJldHVybiAwOworICAgIHRoaXNfY3B1KGlvbW11X2RvbnRfZmx1c2hfaW90 bGIpID0gMDsKKworICAgIGlmICggIXJjICkKKyAgICAgICAgaW9tbXVfaW90 bGJfZmx1c2hfYWxsKGQpOworICAgIGVsc2UKKyAgICAgICAgaGQtPnBsYXRm b3JtX29wcy0+dGVhcmRvd24oZCk7CisKKyAgICByZXR1cm4gcmM7CiB9CiAK IAo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Dec 10 12:59:47 2013 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 10 Dec 2013 12:59:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtd-0006Yn-ML; Tue, 10 Dec 2013 12:58:41 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtb-0006Uq-MF; Tue, 10 Dec 2013 12:58:40 +0000 Received: from [85.158.139.211:18165] by server-13.bemta-5.messagelabs.com id A8/22-11357-EFF07A25; Tue, 10 Dec 2013 12:58:38 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-15.tower-206.messagelabs.com!1386680316!3508789!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.9.16; banners=-,-,- X-VirusChecked: Checked Received: (qmail 2357 invoked from network); 10 Dec 2013 12:58:37 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-15.tower-206.messagelabs.com with AES256-SHA encrypted SMTP; 10 Dec 2013 12:58:37 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VqMtS-000071-1c; Tue, 10 Dec 2013 12:58:30 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1VqMtR-0007D8-OW; Tue, 10 Dec 2013 12:58:29 +0000 Date: Tue, 10 Dec 2013 12:58:29 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 77 - Disaggregated domain management security status X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-77 version 3 Disaggregated domain management security status UPDATES IN VERSION 3 ==================== Public release. The included documentation patch now updates the xsm-flash.txt documentation rather than the Xen public headers. The advisory has been updated to reflect this. Made the warning about the documentation patch stand out more clearly. ISSUE DESCRIPTION ================= Xen supports disaggregation of various support and management functions into their own domains; this is often done for security and robustness reasons. In Xen 4.3 additional functionality was introduced to allow further disaggregation: the Xen Security Modules mechanism was enhanced to make it possible to delegate various domain control hypercalls to particular other domains, rather than only permitting use by dom0. However the several affected hypercall implementations were originally written to be used only by the totally-privileged dom0, and have not been reviewed for security when exposed to supposedly-only-semi-privileged disaggregated management domains. But such management domains are (in such a design) to be seen as potentially hostile, e.g. due to privilege escalation following exploitation of a bug in the management domain. As a result, the potential security benefits of toolstack disaggregation are not always fully realised. This constitutes a breach of the enhanced security promises implied by the Xen APIs in Xen in 4.3 and later. The affected hypercalls are: __HYPERVISOR_domctl: The majority of the XEN_DOMCTL_* subops are affected. Exceptions are listed below. __HYPERVISOR_sysctl: All XEN_SYSCTL_* subops are affected. __HYPERVISOR_memory_op: A small number of XENMEM_* subops are affected. See below. __HYPERVISOR_tmem_op: All TMEMC_* sub-subops of the TMEM_CONTROL subop are affected. The majority of the domctls are subject to this issue. Prior to 4.3, only the following domctls were disaggregatable, and they are NOT affected by these problems: XEN_DOMCTL_ioport_mapping XEN_DOMCTL_bind_pt_irq XEN_DOMCTL_memory_mapping XEN_DOMCTL_unbind_pt_irq The implementations of these were written with semi-trusted callers in mind. Only the following memory op subops are affected: XENMEM_set_pod_target XENMEM_get_pod_target XENMEM_claim_pages The remainder of the memory ops were written with untrusted or semi-trusted callers in mind. IMPACT ====== Domains deliberately given partial management control may be able to deny service to the entire host or even escalate their privileges. As a result, in a system designed to enhance security by radically disaggregating the management, the security may be reduced. But, the security will be no worse than a non-disaggregated design. VULNERABLE SYSTEMS ================== This issue is only relevant to systems which intend to increase security through the use of advanced disaggregated management techniques. This does not include systems using libxl, libvirt, xm/xend, XCP/XenServer, OpenStack or CloudStack (unless substantially modified or supplemented, as compared to versions supplied by the respective upstreams). This issue is not relevant to stub device models, driver domains, or stub xenstored. Those disaggregation techniques do not rely on granting the semi-privileged support domains access to the affected interfaces, and are believed to provide the intended security benefits. This issue is only relevant to Xen 4.3 and xen-unstable, and not to any earlier version. PROCESS FOR VULNERABILITIES IN AFFECTED INTERFACES ================================================== Until the interfaces have been properly reviewed for security against hostile callers, the Xen.org security team intends (subject of course to the permission of anyone disclosing to us) to handle these and future vulnerabilities in these interfaces in public, as if they were normal non-security-related bugs. This applies only to bugs which do no more than reduce the security of a radically disaggregated system to the security of a non-disaggregated one. Here a "radically disaggregated system" is one which uses the XSM mechanism to delegate the affected interfaces to other-than-fully-trusted domains. This policy does not apply to bugs which affect stub device models, driver domains, or stub xenstored - even if those bugs do no worse than reduce the security of such a system to one whose device models, backend drivers, or xenstore, run in dom0. The list of interfaces which are subject to the above process exception are listed in the Xen Source tree in docs/misc/xsm-flask under the heading "Security Status of dom0 disaggregation". This document is also available at http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt. We intend that currently-known problems will be publicly disclosed on the xen-devel mailing list, as normal bug reports, at the expiry of the XSA-77 embargo. In the meantime the list below may be helpful. MITIGATION ========== The issues discussed in this advisory are themselves bugs in features used for a security risk mitigation. There is no further mitigation available, beyond general measures to try to avoid parts of the system management becoming controlled by attackers. Those are the kind of measures which we expect any users of radical disaggregation to have already deployed. Switching from disaggregated to a non-disaggregated operation does NOT mitigate these vulnerabilities. Rather, it simply recategorises the vulnerability to hostile management code, regarding it "as designed"; thus it merely reclassifies these issues as "not a bug". Users and vendors of disaggregated systems should not change their configuration. The robustness benefits of disaggregation are unaffected, and (depending on system design) security benefits are likely to remain despite the vulnerabilities. RESOLUTION ========== We hope that the control interface attack surface can be reviewed and improved so that disaggregation can deliver its security benefits more fully. Patches resulting from this process will be developed in public and applied to the Xen trees as if they were ordinary bugfixes. In the meantime the attached patch will be applied to the unstable branch in order to track which interfaces are subject to this exception. This patch is purely documentary and DOES NOT resolve any issue. $ sha256sum xsa77*.patch bd9daffa8abfb05fb4a474e903dcd777352a705c1cf6e89343ea6545d545e4cb xsa77-unstable.patch $ CREDITS ======= The issues which prompted this advisory were discovered by Jan Beulich and Don Slutz. LIST OF KNOWN VULNERABILITIES ============================= **NOTE** that this is unlikely to be a complete list of problems. **NOTE** that after publication of this advisory, after the embargo ends, the advisory will no longer be updated to extend this list of vulnerabilities. See `Process for domctl vulnerabilities', above. Multiple domctls can be made, by the caller, to perform excessively long-running operations. This can result in host-wide denial of service and watchdog-induced crashes. XEN_DOMCTL_gethvmcontext_partial allows access to guest state, in particular certain pieces that are per-vCPU. If one or more of a guest's vCPU-s are offline, the space internally allocated to store each individual vCPU's state would not get fully used and, due to another bug, information from the portion that didn't get initialized may be returned back to the caller. In the course of processing the request to set register state for another PV guest's vCPU, the hypervisor updated the in memory copy of the debug register values twice - first by simply copying over the values, and in a second step through code properly verifying them. Between the two operations there are, however, other error exit paths, making it possible that unvalidated state could remain in place and be loaded when the vCPU is next scheduled to run. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJSpw/NAAoJEIP+FMlX6CvZBskH/j4YsHS48A82IEez4Zn7m+m6 n2d3UjT7fAAgxvqD3YJ7gsZI0Xi4PKw4ThHmmV6ZIdE18jju9ByrcsLLA/z77sO4 eUEastK49XKQ1Him7v+XB2/zfZ2ty/grnWS9dk5r18hVQLv+KIuQoyB+/QHt3bD4 i06R6iyhE57yJiD72bTNflITioyuZybMG/MM+7Pby8OVblagNgUS3YK9Z5J246/e fWDTUsgI6c63zWRjqwBZB0vI+omr/GfNUX0e77LMnv/f/X6jwVBdNML2RDI9HDRO lWdfQQeYHQN/mK6OD5s13+qIonv3iq8wJjeRxvQpQKAnjynFu61VDnp/ghN6xnE= =lQLn -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa77-unstable.patch" Content-Disposition: attachment; filename="xsa77-unstable.patch" Content-Transfer-Encoding: base64 eGVuOiBsaXN0IGludGVyZmFjZXMgc3ViamVjdCB0byB0aGUgc2VjdXJpdHkg cHJvY2VzcyBleGNlcHRpb24gaW4gWFNBLTc3CgpMaXN0IGFsbCB0aGUgc3Vi IG9wcyBvZjoKICBfX0hZUEVSVklTT1JfZG9tY3RsCiAgX19IWVBFUlZJU09S X3N5c2N0bAogIF9fSFlQRVJWSVNPUl9tZW1vcnlfb3AKICBfX0hZUEVSVklT T1JfdG1lbV9vcAp3aGljaCBhcmUgc3ViamVjdCB0byB0aGUgcG9saWN5IGdp dmVuIGluCmh0dHA6Ly94ZW5iaXRzLnhlbi5vcmcveHNhL2Fkdmlzb3J5LTc3 Lmh0bWwKCkl0IGlzIGV4cGVjdGVkIHRoYXQgdGhlc2UgbGlzdHMgd2lsbCBi ZSB3aGl0dGxlZCBhd2F5IGFzIGVhY2ggaW50ZXJmYWNlIGlzCmF1ZGl0ZWQg Zm9yIHNhZmV0eS4KCk5ldyBpbnRlcmZhY2VzIHNob3VsZCBiZSBleHBlY3Rl ZCB0byBiZSBzYWZlIHdoZW4gaW50cm9kdWNlZCAoSU9XIHRoZSBsaXN0CnNo b3VsZCBuZXZlciBiZSBleHBhbmRlZCkuCgpUaGlzIGlzIFhTQS03Ny4KClNp Z25lZC1vZmYtYnk6IElhbiBDYW1wYmVsbCA8aWFuLmNhbXBiZWxsQGNpdHJp eC5jb20+CgpkaWZmIC0tZ2l0IGEvZG9jcy9taXNjL3hzbS1mbGFzay50eHQg Yi9kb2NzL21pc2MveHNtLWZsYXNrLnR4dAppbmRleCBmZjgxYjAxLi5kZGQ1 ODMxIDEwMDY0NAotLS0gYS9kb2NzL21pc2MveHNtLWZsYXNrLnR4dAorKysg Yi9kb2NzL21pc2MveHNtLWZsYXNrLnR4dApAQCAtMTcsNiArMTcsMTg5IEBA IFNvbWUgZXhhbXBsZXMgb2Ygd2hhdCBGTEFTSyBjYW4gZG86CiBTb21lIG9m IHRoZXNlIGV4YW1wbGVzIHJlcXVpcmUgZG9tMCBkaXNhZ2dyZWdhdGlvbiB0 byBiZSB1c2VmdWwsIHNpbmNlIHRoZQogZG9tYWluIGJ1aWxkIHByb2Nlc3Mg cmVxdWlyZXMgdGhlIGFiaWxpdHkgdG8gd3JpdGUgdG8gdGhlIG5ldyBkb21h aW4ncyBtZW1vcnkuCiAKK1NlY3VyaXR5IFN0YXR1cyBvZiBkb20wIGRpc2Fn Z3JlZ2F0aW9uCistLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLQorCitYZW4gc3VwcG9ydHMgZGlzYWdncmVnYXRpb24gb2YgdmFyaW91 cyBzdXBwb3J0IGFuZCBtYW5hZ2VtZW50CitmdW5jdGlvbnMgaW50byB0aGVp ciBvd24gZG9tYWlucywgdmlhIHRoZSBYU00gbWVjaGFuaXNtcyBkZXNjcmli ZWQgaW4KK3RoaXMgZG9jdW1lbnQuCisKK0hvd2V2ZXIgdGhlIGltcGxlbWVu dGF0aW9ucyBvZiB0aGVzZSBzdXBwb3J0IGFuZCBtYW5hZ2VtZW50IGludGVy ZmFjZXMKK3dlcmUgb3JpZ2luYWxseSB3cml0dGVuIHRvIGJlIHVzZWQgb25s eSBieSB0aGUgdG90YWxseS1wcml2aWxlZ2VkCitkb20wLCBhbmQgaGF2ZSBu b3QgYmVlbiByZXZpZXdlZCBmb3Igc2VjdXJpdHkgd2hlbiBleHBvc2VkIHRv CitzdXBwb3NlZGx5LW9ubHktc2VtaS1wcml2aWxlZ2VkIGRpc2FnZ3JlZ2F0 ZWQgbWFuYWdlbWVudCBkb21haW5zLiAgQnV0CitzdWNoIG1hbmFnZW1lbnQg ZG9tYWlucyBhcmUgKGluIHN1Y2ggYSBkZXNpZ24pIHRvIGJlIHNlZW4gYXMK K3BvdGVudGlhbGx5IGhvc3RpbGUsIGUuZy4gZHVlIHRvIHByaXZpbGVnZSBl c2NhbGF0aW9uIGZvbGxvd2luZworZXhwbG9pdGF0aW9uIG9mIGEgYnVnIGlu IHRoZSBtYW5hZ2VtZW50IGRvbWFpbi4KKworVW50aWwgdGhlIGludGVyZmFj ZXMgaGF2ZSBiZWVuIHByb3Blcmx5IHJldmlld2VkIGZvciBzZWN1cml0eSBh Z2FpbnN0Citob3N0aWxlIGNhbGxlcnMsIHRoZSBYZW4ub3JnIHNlY3VyaXR5 IHRlYW0gaW50ZW5kcyAoc3ViamVjdCBvZiBjb3Vyc2UKK3RvIHRoZSBwZXJt aXNzaW9uIG9mIGFueW9uZSBkaXNjbG9zaW5nIHRvIHVzKSB0byBoYW5kbGUg dGhlc2UgYW5kCitmdXR1cmUgdnVsbmVyYWJpbGl0aWVzIGluIHRoZXNlIGlu dGVyZmFjZXMgaW4gcHVibGljLCBhcyBpZiB0aGV5IHdlcmUKK25vcm1hbCBu b24tc2VjdXJpdHktcmVsYXRlZCBidWdzLgorCitUaGlzIGFwcGxpZXMgb25s eSB0byBidWdzIHdoaWNoIGRvIG5vIG1vcmUgdGhhbiByZWR1Y2UgdGhlIHNl Y3VyaXR5IG9mCithIHJhZGljYWxseSBkaXNhZ2dyZWdhdGVkIHN5c3RlbSB0 byB0aGUgc2VjdXJpdHkgb2YgYQorbm9uLWRpc2FnZ3JlZ2F0ZWQgb25lLiAg SGVyZSBhICJyYWRpY2FsbHkgZGlzYWdncmVnYXRlZCBzeXN0ZW0iIGlzIG9u ZQord2hpY2ggdXNlcyB0aGUgWFNNIG1lY2hhbmlzbSB0byBkZWxlZ2F0ZSB0 aGUgYWZmZWN0ZWQgaW50ZXJmYWNlcyB0bworb3RoZXItdGhhbi1mdWxseS10 cnVzdGVkIGRvbWFpbnMuCisKK1RoaXMgcG9saWN5IGRvZXMgbm90IGFwcGx5 IHRvIGJ1Z3Mgd2hpY2ggYWZmZWN0IHN0dWIgZGV2aWNlIG1vZGVscywKK2Ry aXZlciBkb21haW5zLCBvciBzdHViIHhlbnN0b3JlZCAtIGV2ZW4gaWYgdGhv c2UgYnVncyBkbyBubyB3b3JzZQordGhhbiByZWR1Y2UgdGhlIHNlY3VyaXR5 IG9mIHN1Y2ggYSBzeXN0ZW0gdG8gb25lIHdob3NlIGRldmljZSBtb2RlbHMs CitiYWNrZW5kIGRyaXZlcnMsIG9yIHhlbnN0b3JlLCBydW4gaW4gZG9tMC4K KworRm9yIG1vcmUgaW5mb3JtYXRpb24gc2VlIGh0dHA6Ly94ZW5iaXRzLnhl bi5vcmcveHNhL2Fkdmlzb3J5LTc3Lmh0bWwuCisKK1RoZSBmb2xsb3dpbmcg aW50ZXJmYWNlcyBhcmUgY292ZXJlZCBieSB0aGlzIHN0YXRlbWVudC4gIElu dGVyZmFjZXMKK25vdCBsaXN0ZWQgaGVyZSBhcmUgY29uc2lkZXJlZCBzYWZl IGZvciBkaXNhZ2dyZWdhdGlvbiwgc2VjdXJpdHkKK2lzc3VlcyBmb3VuZCBp biBpbnRlcmZhY2VzIG5vdCBsaXN0ZWQgaGVyZSB3aWxsIGJlIGhhbmRsZWQg YWNjb3JkaW5nCit0byB0aGUgbm9ybWFsIHNlY3VyaXR5IHByb2JsZW0gcmVz cG9uc2UgcG9saWN5CitodHRwOi8vd3d3LnhlbnByb2plY3Qub3JnL3NlY3Vy aXR5LXBvbGljeS5odG1sLgorCitfX0hZUEVSVklTT1JfZG9tY3RsICh4ZW4v aW5jbHVkZS9wdWJsaWMvZG9tY3RsLmgpCisKKyBUaGUgZm9sbG93aW5nIHN1 Ym9wcyBhcmUgY292ZXJlZCBieSB0aGlzIHN0YXRlbWVudC4gc3Vib3BzIG5v dCBsaXN0ZWQKKyBoZXJlIGFyZSBjb25zaWRlcmVkIHNhZmUgZm9yIGRpc2Fn Z3JlZ2F0aW9uLgorCisgKiBYRU5fRE9NQ1RMX2NyZWF0ZWRvbWFpbgorICog WEVOX0RPTUNUTF9kZXN0cm95ZG9tYWluCisgKiBYRU5fRE9NQ1RMX3BhdXNl ZG9tYWluCisgKiBYRU5fRE9NQ1RMX3VucGF1c2Vkb21haW4KKyAqIFhFTl9E T01DVExfZ2V0ZG9tYWluaW5mbworICogWEVOX0RPTUNUTF9nZXRtZW1saXN0 CisgKiBYRU5fRE9NQ1RMX2dldHBhZ2VmcmFtZWluZm8KKyAqIFhFTl9ET01D VExfZ2V0cGFnZWZyYW1laW5mbzIKKyAqIFhFTl9ET01DVExfc2V0dmNwdWFm ZmluaXR5CisgKiBYRU5fRE9NQ1RMX3NoYWRvd19vcAorICogWEVOX0RPTUNU TF9tYXhfbWVtCisgKiBYRU5fRE9NQ1RMX3NldHZjcHVjb250ZXh0CisgKiBY RU5fRE9NQ1RMX2dldHZjcHVjb250ZXh0CisgKiBYRU5fRE9NQ1RMX2dldHZj cHVpbmZvCisgKiBYRU5fRE9NQ1RMX21heF92Y3B1cworICogWEVOX0RPTUNU TF9zY2hlZHVsZXJfb3AKKyAqIFhFTl9ET01DVExfc2V0ZG9tYWluaGFuZGxl CisgKiBYRU5fRE9NQ1RMX3NldGRlYnVnZ2luZworICogWEVOX0RPTUNUTF9p cnFfcGVybWlzc2lvbgorICogWEVOX0RPTUNUTF9pb21lbV9wZXJtaXNzaW9u CisgKiBYRU5fRE9NQ1RMX2lvcG9ydF9wZXJtaXNzaW9uCisgKiBYRU5fRE9N Q1RMX2h5cGVyY2FsbF9pbml0CisgKiBYRU5fRE9NQ1RMX2FyY2hfc2V0dXAK KyAqIFhFTl9ET01DVExfc2V0dGltZW9mZnNldAorICogWEVOX0RPTUNUTF9n ZXR2Y3B1YWZmaW5pdHkKKyAqIFhFTl9ET01DVExfcmVhbF9tb2RlX2FyZWEK KyAqIFhFTl9ET01DVExfcmVzdW1lZG9tYWluCisgKiBYRU5fRE9NQ1RMX3Nl bmR0cmlnZ2VyCisgKiBYRU5fRE9NQ1RMX3N1YnNjcmliZQorICogWEVOX0RP TUNUTF9nZXRodm1jb250ZXh0CisgKiBYRU5fRE9NQ1RMX3NldGh2bWNvbnRl eHQKKyAqIFhFTl9ET01DVExfc2V0X2FkZHJlc3Nfc2l6ZQorICogWEVOX0RP TUNUTF9nZXRfYWRkcmVzc19zaXplCisgKiBYRU5fRE9NQ1RMX2Fzc2lnbl9k ZXZpY2UKKyAqIFhFTl9ET01DVExfcGluX21lbV9jYWNoZWF0dHIKKyAqIFhF Tl9ET01DVExfc2V0X2V4dF92Y3B1Y29udGV4dAorICogWEVOX0RPTUNUTF9n ZXRfZXh0X3ZjcHVjb250ZXh0CisgKiBYRU5fRE9NQ1RMX3NldF9vcHRfZmVh dHVyZQorICogWEVOX0RPTUNUTF90ZXN0X2Fzc2lnbl9kZXZpY2UKKyAqIFhF Tl9ET01DVExfc2V0X3RhcmdldAorICogWEVOX0RPTUNUTF9kZWFzc2lnbl9k ZXZpY2UKKyAqIFhFTl9ET01DVExfc2V0X2NwdWlkCisgKiBYRU5fRE9NQ1RM X2dldF9kZXZpY2VfZ3JvdXAKKyAqIFhFTl9ET01DVExfc2V0X21hY2hpbmVf YWRkcmVzc19zaXplCisgKiBYRU5fRE9NQ1RMX2dldF9tYWNoaW5lX2FkZHJl c3Nfc2l6ZQorICogWEVOX0RPTUNUTF9zdXBwcmVzc19zcHVyaW91c19wYWdl X2ZhdWx0cworICogWEVOX0RPTUNUTF9kZWJ1Z19vcAorICogWEVOX0RPTUNU TF9nZXRodm1jb250ZXh0X3BhcnRpYWwKKyAqIFhFTl9ET01DVExfbWVtX2V2 ZW50X29wCisgKiBYRU5fRE9NQ1RMX21lbV9zaGFyaW5nX29wCisgKiBYRU5f RE9NQ1RMX2Rpc2FibGVfbWlncmF0ZQorICogWEVOX0RPTUNUTF9nZXR0c2Np bmZvCisgKiBYRU5fRE9NQ1RMX3NldHRzY2luZm8KKyAqIFhFTl9ET01DVExf Z2V0cGFnZWZyYW1laW5mbzMKKyAqIFhFTl9ET01DVExfc2V0dmNwdWV4dHN0 YXRlCisgKiBYRU5fRE9NQ1RMX2dldHZjcHVleHRzdGF0ZQorICogWEVOX0RP TUNUTF9zZXRfYWNjZXNzX3JlcXVpcmVkCisgKiBYRU5fRE9NQ1RMX2F1ZGl0 X3AybQorICogWEVOX0RPTUNUTF9zZXRfdmlycV9oYW5kbGVyCisgKiBYRU5f RE9NQ1RMX3NldF9icm9rZW5fcGFnZV9wMm0KKyAqIFhFTl9ET01DVExfc2V0 bm9kZWFmZmluaXR5CisgKiBYRU5fRE9NQ1RMX2dldG5vZGVhZmZpbml0eQor ICogWEVOX0RPTUNUTF9zZXRfbWF4X2V2dGNobgorICogWEVOX0RPTUNUTF9n ZGJzeF9ndWVzdG1lbWlvCisgKiBYRU5fRE9NQ1RMX2dkYnN4X3BhdXNldmNw dQorICogWEVOX0RPTUNUTF9nZGJzeF91bnBhdXNldmNwdQorICogWEVOX0RP TUNUTF9nZGJzeF9kb21zdGF0dXMKKworX19IWVBFUlZJU09SX3N5c2N0bCAo eGVuL2luY2x1ZGUvcHVibGljL3N5c2N0bC5oKQorCisgVGhlIGZvbGxvd2lu ZyBzdWJvcHMgYXJlIGNvdmVyZWQgYnkgdGhpcyBzdGF0ZW1lbnQuIHN1Ym9w cyBub3QgbGlzdGVkCisgaGVyZSBhcmUgY29uc2lkZXJlZCBzYWZlIGZvciBk aXNhZ2dyZWdhdGlvbi4KKworICogWEVOX1NZU0NUTF9yZWFkY29uc29sZQor ICogWEVOX1NZU0NUTF90YnVmX29wCisgKiBYRU5fU1lTQ1RMX3BoeXNpbmZv CisgKiBYRU5fU1lTQ1RMX3NjaGVkX2lkCisgKiBYRU5fU1lTQ1RMX3BlcmZj X29wCisgKiBYRU5fU1lTQ1RMX2dldGRvbWFpbmluZm9saXN0CisgKiBYRU5f U1lTQ1RMX2RlYnVnX2tleXMKKyAqIFhFTl9TWVNDVExfZ2V0Y3B1aW5mbwor ICogWEVOX1NZU0NUTF9hdmFpbGhlYXAKKyAqIFhFTl9TWVNDVExfZ2V0X3Bt c3RhdAorICogWEVOX1NZU0NUTF9jcHVfaG90cGx1ZworICogWEVOX1NZU0NU TF9wbV9vcAorICogWEVOX1NZU0NUTF9wYWdlX29mZmxpbmVfb3AKKyAqIFhF Tl9TWVNDVExfbG9ja3Byb2Zfb3AKKyAqIFhFTl9TWVNDVExfdG9wb2xvZ3lp bmZvCisgKiBYRU5fU1lTQ1RMX251bWFpbmZvCisgKiBYRU5fU1lTQ1RMX2Nw dXBvb2xfb3AKKyAqIFhFTl9TWVNDVExfc2NoZWR1bGVyX29wCisgKiBYRU5f U1lTQ1RMX2NvdmVyYWdlX29wCisKK19fSFlQRVJWSVNPUl9tZW1vcnlfb3Ag KHhlbi9pbmNsdWRlL3B1YmxpYy9tZW1vcnkuaCkKKworIFRoZSBmb2xsb3dp bmcgc3Vib3BzIGFyZSBjb3ZlcmVkIGJ5IHRoaXMgc3RhdGVtZW50LiBzdWJv cHMgbm90IGxpc3RlZAorIGhlcmUgYXJlIGNvbnNpZGVyZWQgc2FmZSBmb3Ig ZGlzYWdncmVnYXRpb24uCisKKyAqIFhFTk1FTV9zZXRfcG9kX3RhcmdldAor ICogWEVOTUVNX2dldF9wb2RfdGFyZ2V0CisgKiBYRU5NRU1fY2xhaW1fcGFn ZXMKKworX19IWVBFUlZJU09SX3RtZW1fb3AgKHhlbi9pbmNsdWRlL3B1Ymxp Yy90bWVtLmgpCisKKyBUaGUgZm9sbG93aW5nIHRtZW0gY29udHJvbCBvcHMs IHRoYXQgaXMgdGhlIHN1Yi1zdWJvcHMgb2YKKyBUTUVNX0NPTlRST0wsIGFy ZSBjb3ZlcmVkIGJ5IHRoaXMgc3RhdGVtZW50LiAKKworIE5vdGUgdGhhdCBU TUVNIGlzIGFsc28gc3ViamVjdCB0byBhIHNpbWlsYXIgcG9saWN5IGFyaXNp bmcgZnJvbQorIFhTQS0xNSBodHRwOi8vbGlzdHMueGVuLm9yZy9hcmNoaXZl cy9odG1sL3hlbi1hbm5vdW5jZS8yMDEyLTA5L21zZzAwMDA2Lmh0bWwuCisg RHVlIHRvIHRoaXMgZXhpc3RpbmcgcG9saWN5IGFsbCBUTUVNIE9wcyBhcmUg YWxyZWFkeSBzdWJqZWN0IHRvCisgcmVkdWNlZCBzZWN1cml0eSBzdXBwb3J0 LgorCisgKiBUTUVNQ19USEFXCisgKiBUTUVNQ19GUkVFWkUKKyAqIFRNRU1D X0ZMVVNICisgKiBUTUVNQ19ERVNUUk9ZCisgKiBUTUVNQ19MSVNUCisgKiBU TUVNQ19TRVRfV0VJR0hUCisgKiBUTUVNQ19TRVRfQ0FQCisgKiBUTUVNQ19T RVRfQ09NUFJFU1MKKyAqIFRNRU1DX1FVRVJZX0ZSRUVBQkxFX01CCisgKiBU TUVNQ19TQVZFX0JFR0lOCisgKiBUTUVNQ19TQVZFX0dFVF9WRVJTSU9OCisg KiBUTUVNQ19TQVZFX0dFVF9NQVhQT09MUworICogVE1FTUNfU0FWRV9HRVRf Q0xJRU5UX1dFSUdIVAorICogVE1FTUNfU0FWRV9HRVRfQ0xJRU5UX0NBUAor ICogVE1FTUNfU0FWRV9HRVRfQ0xJRU5UX0ZMQUdTCisgKiBUTUVNQ19TQVZF X0dFVF9QT09MX0ZMQUdTCisgKiBUTUVNQ19TQVZFX0dFVF9QT09MX05QQUdF UworICogVE1FTUNfU0FWRV9HRVRfUE9PTF9VVUlECisgKiBUTUVNQ19TQVZF X0dFVF9ORVhUX1BBR0UKKyAqIFRNRU1DX1NBVkVfR0VUX05FWFRfSU5WCisg KiBUTUVNQ19TQVZFX0VORAorICogVE1FTUNfUkVTVE9SRV9CRUdJTgorICog VE1FTUNfUkVTVE9SRV9QVVRfUEFHRQorICogVE1FTUNfUkVTVE9SRV9GTFVT SF9QQUdFCisKKwogCiBTZXR0aW5nIHVwIEZMQVNLCiAtLS0tLS0tLS0tLS0t LS0tCg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator--