Xen Project XSA-337
History: Sep 22, 2020 - 12:00 p.m.

PCI passthrough code reading back hardware registers

2020-09-22 12:00:00
Xen Project
xenbits.xen.org

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.1 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C

EPSS: 0.0004 Low
Percentile: 13.6%

ISSUE DESCRIPTION

Code paths in Xen’s MSI handling have been identified which act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn’t be able to affect these registers, experience shows that it’s very common for devices to have out-of-spec “backdoor” operations which can affect the result of these reads.
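To make the class of defect concrete, here is an added example of the kind of sanitisation a hypervisor should apply to a value read back from a device. It is illustrative code written for this page, not Xen's code or the XSA-337 fix; the register layout is the PCI MSI capability's Message Control register, and the names `msi_ctrl_decode` and `msi_ctrl_readback_ok` are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Layout of the PCI MSI capability's Message Control register
 * (offset 2 from the capability pointer, PCI Local Bus Specification 3.0). */
#define MSI_CTRL_ENABLE      (1u << 0)
#define MSI_CTRL_MMC_SHIFT   1           /* Multiple Message Capable, bits 3:1 */
#define MSI_CTRL_MME_SHIFT   4           /* Multiple Message Enable, bits 6:4  */
#define MSI_CTRL_FIELD_MASK  0x7u
#define MSI_CTRL_64BIT       (1u << 7)
#define MSI_CTRL_MASKBIT     (1u << 8)
#define MSI_MAX_LOG2_VECTORS 5           /* 32 vectors; encodings 6 and 7 are reserved */
/* Bits software is allowed to write; everything else is read-only device capability. */
#define MSI_CTRL_RW_BITS     (MSI_CTRL_ENABLE | (MSI_CTRL_FIELD_MASK << MSI_CTRL_MME_SHIFT))

struct msi_ctrl_info {
    unsigned int vectors_capable;   /* 1..32 */
    unsigned int vectors_enabled;   /* 1..32 */
    bool addr64;
    bool per_vector_mask;
};

/* Decode a Message Control value read back from the device, refusing anything a
 * spec-compliant device cannot report. Returns false for an out-of-spec value; the
 * caller must then treat the device as misbehaving instead of acting on the fields. */
bool msi_ctrl_decode(uint16_t ctrl, struct msi_ctrl_info *out)
{
    unsigned int mmc = (ctrl >> MSI_CTRL_MMC_SHIFT) & MSI_CTRL_FIELD_MASK;
    unsigned int mme = (ctrl >> MSI_CTRL_MME_SHIFT) & MSI_CTRL_FIELD_MASK;

    if (mmc > MSI_MAX_LOG2_VECTORS)   /* reserved encoding: would index past 32 vectors */
        return false;
    if (mme > mmc)                    /* more vectors enabled than the device advertises */
        return false;

    out->vectors_capable = 1u << mmc;
    out->vectors_enabled = 1u << mme;
    out->addr64 = (ctrl & MSI_CTRL_64BIT) != 0;
    out->per_vector_mask = (ctrl & MSI_CTRL_MASKBIT) != 0;
    return true;
}

/* After writing Message Control, compare the read-back value with what was written,
 * looking only at the writable bits (Enable and MME): a device that silently alters
 * them is not honouring the write, so its read-back must not drive later decisions. */
bool msi_ctrl_readback_ok(uint16_t written, uint16_t readback)
{
    return ((written ^ readback) & MSI_CTRL_RW_BITS) == 0;
}
```

The point is that every field read back from hardware is bounds-checked against the specification before it is used as an index or a count, and that a mismatch between what was written and what comes back is treated as a device fault rather than silently accepted.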

IMPACT

A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded.

VULNERABLE SYSTEMS

All versions of Xen supporting PCI passthrough are affected.

Only x86 systems are vulnerable. Arm systems are not vulnerable.

Only guests with passed through PCI devices may be able to leverage the vulnerability.

Only systems passing through devices with out-of-spec (“backdoor”) functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it’s better to assume that it does.

REMINDER OF PCI PASSTHROUGH SUPPORT STATEMENT

The security team wishes to reiterate our support statement for PCI Device Passthrough (found in xen.git/SUPPORT.md):

“Because of hardware limitations (affecting any operating system or hypervisor), it is generally not safe to use this feature to expose a physical device to completely untrusted guests. However, this feature can still confer significant security benefit when used to remove drivers and backends from domain 0 (i.e., Driver Domains).”

The possibility of “backdoor” device functionality mentioned above is one of the major reasons for this stance. We issue this XSA to help maintain Driver Domains as a “defense-in-depth”, and also on behalf of those who may have done full security audits of their particular hardware platform. It does not change our stance that passing through PCI devices to untrusted guests is in general not safe.
