[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.18] x86/pass-through: documents as security-unsupported when sharing resources
commit c70619e2b758f2c9c2c7a8683ab7897d01461cd0 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Aug 13 16:49:45 2024 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Aug 13 16:49:45 2024 +0200 x86/pass-through: documents as security-unsupported when sharing resources When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. This is XSA-461 / CVE-2024-31146. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> master commit: 9c94eda1e3790820699a6de3f6a7c959ecf30600 master date: 2024-08-13 16:37:25 +0200 --- SUPPORT.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SUPPORT.md b/SUPPORT.md index 30ca5b15ed..b4715a65b5 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -804,6 +804,11 @@ This feature is not security supported: see https://xenbits.xen.org/xsa/advisory Only systems using IOMMUs are supported. +Passing through of devices sharing resources with another device is not +security supported. Such sharing could e.g. be the same line interrupt being +used by multiple devices, one of which is to be passed through, or two such +devices having memory BARs within the same 4k page. + Not compatible with migration, populate-on-demand, altp2m, introspection, memory sharing, or memory paging. -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |