[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86
(removing all lists inappropriate for a question like this one) On 01.09.2021 15:22, Jason Andryuk wrote: > On Wed, Sep 1, 2021 at 5:34 AM Xen.org security team <security@xxxxxxx> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Xen Security Advisory CVE-2021-28694,CVE-2021-28695,CVE-2021-28696 / XSA-378 >> version 3 >> >> IOMMU page mapping issues on x86 >> >> UPDATES IN VERSION 3 >> ==================== >> >> Warn about dom0=pvh breakage in Resolution section. >> >> ISSUE DESCRIPTION >> ================= >> >> Both AMD and Intel allow ACPI tables to specify regions of memory >> which should be left untranslated, which typically means these >> addresses should pass the translation phase unaltered. While these >> are typically device specific ACPI properties, they can also be >> specified to apply to a range of devices, or even all devices. >> >> On all systems with such regions Xen failed to prevent guests from >> undoing/replacing such mappings (CVE-2021-28694). > > Is there a way to identify if a system's ACPI tables have untranslated > regions? Does it show up in xen or linux dmesg or can it be > identified in sysfs? For VT-d, "iommu=verbose" will cause ACPI table contents to get logged. For AMD you need to go one step further and set "iommu=debug". Obviously you'll want to be careful with enabling anything like this on production systems. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |