
Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 1 Sep 2021 15:45:34 +0200
  • Cc: xen-devel@xxxxxxxxxxxxx
  • Delivery-date: Wed, 01 Sep 2021 13:45:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

(removing all lists inappropriate for a question like this one)

On 01.09.2021 15:22, Jason Andryuk wrote:
> On Wed, Sep 1, 2021 at 5:34 AM Xen.org security team <security@xxxxxxx> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>>  Xen Security Advisory CVE-2021-28694,CVE-2021-28695,CVE-2021-28696 / XSA-378
>>                                    version 3
>>
>>                    IOMMU page mapping issues on x86
>>
>> UPDATES IN VERSION 3
>> ====================
>>
>> Warn about dom0=pvh breakage in Resolution section.
>>
>> ISSUE DESCRIPTION
>> =================
>>
>> Both AMD and Intel allow ACPI tables to specify regions of memory
>> which should be left untranslated, which typically means these
>> addresses should pass the translation phase unaltered.  While these
>> are typically device specific ACPI properties, they can also be
>> specified to apply to a range of devices, or even all devices.
>>
>> On all systems with such regions Xen failed to prevent guests from
>> undoing/replacing such mappings (CVE-2021-28694).
> 
> Is there a way to identify if a system's ACPI tables have untranslated
> regions?  Does it show up in xen or linux dmesg or can it be
> identified in sysfs?

For VT-d, "iommu=verbose" will cause ACPI table contents to get logged.
For AMD you need to go one step further and set "iommu=debug". Obviously
you'll want to be careful with enabling anything like this on production
systems.

Jan




 

