XSA-390: certain VT-d IOMMUs may not work in shared page table mode

Xen Project (xenbits.xen.org)
Published: 2021-11-19 14:10:00

CVSS3: 8.8 High
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

CVSS2: 6.9 Medium
  Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
  Access Vector: LOCAL
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

EPSS: 0.0004 Low (percentile 12.0%)

ISSUE DESCRIPTION

For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the top level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries.
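As an added illustration (a constructed model, not Xen's code), the walk below shows why the skipped stripping matters: an IOMMU that walks 3 levels from a 4-level root stops on the leaf table page, while stripping the surplus top level first makes it land on the guest's data page. Page numbers, the 512-entry layout and the helper names are assumptions.

```c
#include <stdint.h>

/* Constructed model, not Xen's code: "memory" is a few 4 KiB pages, each
 * usable as a 512-entry page table. A PTE carries the next page's number
 * in bits 12 and up, plus a present bit in bit 0. */
#define NPAGES      8
#define ENTRIES     512
#define PAGE_SHIFT  12
#define PTE_PRESENT 1ull

typedef struct { uint64_t pte[ENTRIES]; } page_t;
static page_t mem[NPAGES];      /* zero-initialised: nothing present yet */
static uint64_t make_pte(int page) { return ((uint64_t)page << PAGE_SHIFT) | PTE_PRESENT; }

/* Build the 4-level tree shared by EPT and the IOMMU: page 0 (L4) -> 1 (L3)
 * -> 2 (L2) -> 3 (L1) -> 4 (guest data page), mapping guest address 0. */
int build_tables(void) {
    for (int p = 0; p < 4; p++)
        mem[p].pte[0] = make_pte(p + 1);
    return 4;                   /* the data page number */
}

/* What the hardware does: walk `levels` levels from `root` and return the
 * page that guest address `gpa` resolves to, or -1 if not present. Handed a
 * 4-level root but walking 3 levels, the IOMMU stops one level early. */
int iommu_walk(int root, int levels, uint64_t gpa) {
    int cur = root;
    for (int level = levels; level >= 1; level--) {
        int idx = (int)((gpa >> (PAGE_SHIFT + 9 * (level - 1))) & (ENTRIES - 1));
        uint64_t pte = mem[cur].pte[idx];
        if (!(pte & PTE_PRESENT)) return -1;
        cur = (int)(pte >> PAGE_SHIFT);
    }
    return cur;
}

/* The stripping step the advisory says was skipped: before programming a
 * `root_levels`-deep shared table into an IOMMU that walks `iommu_levels`,
 * descend through the surplus top levels. A stripped level may only have
 * entry 0 present (anything else is beyond the IOMMU's reach): return -1. */
int strip_top_levels(int root, int root_levels, int iommu_levels) {
    int cur = root;
    for (int level = root_levels; level > iommu_levels; level--) {
        for (int i = 1; i < ENTRIES; i++)
            if (mem[cur].pte[i] & PTE_PRESENT) return -1;
        if (!(mem[cur].pte[0] & PTE_PRESENT)) return -1;
        cur = (int)(mem[cur].pte[0] >> PAGE_SHIFT);
    }
    return cur;
}
```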

IMPACT

A malicious guest may be able to escalate its privileges to that of the host.

VULNERABLE SYSTEMS

Xen version 4.15 is vulnerable. Xen versions 4.14 and earlier are not vulnerable.
Only x86 Intel systems with IOMMU(s) in use are affected. Arm systems, non-Intel x86 systems, and x86 systems without an IOMMU are not affected.
Only HVM guests with passed-through PCI devices and configured to share IOMMU and EPT page tables are able to leverage the vulnerability on affected hardware. Note that page table sharing is the default configuration on capable hardware.
Systems are only affected if the IOMMU used for a passed-through device requires the use of page tables less than 4 levels deep. We are informed that this is the case for at least some Ivybridge and earlier "client" chips; additionally, such a situation might arise when Xen is running nested under another hypervisor, if an (emulated) Intel IOMMU is made available to Xen.
