undue deferral of IOMMU TLB flushes

ISSUE DESCRIPTION

To efficiently change the physical to machine address mappings of a larger range of addresses for fully virtualized guests, Xen contains an optimization to coalesce per-page IOMMU TLB flushes into a single, wider flush after all adjustments have been made. While this is fine to do for newly introduced page mappings, the possible removal of pages from such guests during this operation should not be “optimized” in the same way. This is because the (typically) final reference of such pages is dropped before the coalesced flush, and hence the pages may have been put to a different use even though DMA initiated by their original owner mightstill be in progress.

IMPACT

A malicious guest might be able to cause data corruption and data leaks. Host or guest Denial of Service (DoS), and privilege escalation, cannot be ruled out.

VULNERABLE SYSTEMS

All Xen versions from 4.2 onwards are vulnerable. Xen versions 4.1 and earlier are not vulnerable.
Only x86 HVM and PVH guests can leverage the vulnerability. Arm guests as well as x86 PV ones cannot leverage the vulnerability.
Only x86 HVM and PVH guests which have physical devices passed through to them can leverage the vulnerability.
Only x86 HVM and PVH guests configured to not share IOMMU and CPU page tables can leverage the vulnerability. Sharing these page tables is the default on capable Intel (VT-d) hardware. On AMD hardware sharing is not possible. On Intel (VT-d) hardware sharing may also not be possible, depending on hardware properties. Whether it is possible can be seen from the presence (or absence) of “iommu_hap_pt_share” on the “virt_caps” line of “xl info” output. Guests run in shadow mode can leverage the vulnerability.