XSA-33

CVE-2012-5634


问题描述

http://xenbits.xen.org/xsa/advisory-33.html

VT-d interrupt remapping source validation flaw

When passing a device which is behind a legacy PCI Bridge through to a guest Xen incorrectly configures the VT-d hardware. This could allow incorrect interrupts to be injected to other guests which also have passthrough devices.

In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system.

lack of check (invalid interrupt source)


Patch描述

http://xenbits.xen.org/xsa/xsa.patch

VT-d: fix interrupt remapping source validation for devices behind legacy bridges

--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
@@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
                             (bus << 8) | pdev->bus);
             else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
                             PCI_BDF2(bus, devfn));
         }
         break;

Consequence

A malicious domain, given access to a device which is behind a legacy PCI bridge, can mount a denial of service attack affecting the whole system.

DoS