Xen Project XSA-49
May 02, 2013 - 12:00 p.m.

VT-d interrupt remapping source validation flaw for bridges

Source: Xen Project (xenbits.xen.org)

EPSS: 0.001 (Low), percentile 26.1%

ISSUE DESCRIPTION

Interrupt remapping table entries for MSI interrupts set up by bridge devices did not get any source validation set up on them, allowing misbehaving or malicious guests to inject interrupts into the domain owning the bridges.
In a typical Xen system bridge devices are owned by domain 0, leaving it vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system.
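
The effect of a missing source validation setting can be seen in a small model of the check the remapping hardware applies to each interrupt request. This is an added example, not code from Xen or from the advisory; the field encodings follow the Intel VT-d specification, and the names (`irte_src`, `irte_accepts`, `rid`) and the bus/device numbers are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Source-validation fields of a VT-d interrupt remapping table entry. */
enum { SVT_NONE = 0, SVT_SID_SQ = 1, SVT_BUS_RANGE = 2 };

struct irte_src {
    uint8_t  svt; /* source validation type */
    uint8_t  sq;  /* source-id qualifier, used with SVT_SID_SQ */
    uint16_t sid; /* source-id, or start-bus:end-bus with SVT_BUS_RANGE */
};

/* Requester-id layout: bus[15:8] device[7:3] function[2:0]. */
uint16_t rid(unsigned bus, unsigned dev, unsigned fn)
{
    return (uint16_t)(((bus & 0xff) << 8) | ((dev & 0x1f) << 3) | (fn & 0x7));
}

/* Model of the remapping hardware's check: may this requester use the entry? */
bool irte_accepts(const struct irte_src *e, uint16_t requester)
{
    /* SQ selects which function-number bits are ignored in the comparison. */
    static const uint16_t sq_mask[4] = { 0xffff, 0xfffb, 0xfff9, 0xfff8 };
    unsigned bus = requester >> 8;

    switch (e->svt) {
    case SVT_NONE:      /* no validation: every requester is accepted */
        return true;
    case SVT_SID_SQ:    /* requester-id must match SID under the SQ mask */
        return ((requester ^ e->sid) & sq_mask[e->sq & 3]) == 0;
    case SVT_BUS_RANGE: /* requester bus must lie in [start-bus, end-bus] */
        return bus >= (unsigned)(e->sid >> 8) && bus <= (unsigned)(e->sid & 0xff);
    default:            /* reserved encoding */
        return false;
    }
}

int main(void)
{
    /* Constructed topology: bridge 00:1e.0 with bus 5 behind it; guest device 03:00.0. */
    struct irte_src unchecked = { SVT_NONE, 0, 0 };
    struct irte_src exact = { SVT_SID_SQ, 0, rid(0, 0x1e, 0) };
    struct irte_src range = { SVT_BUS_RANGE, 0, 0x0505 };
    uint16_t guest_dev = rid(3, 0, 0);
    printf("unchecked=%d exact=%d range=%d\n", irte_accepts(&unchecked, guest_dev),
           irte_accepts(&exact, guest_dev), irte_accepts(&range, guest_dev));
    return 0;
}
```

Only the entry with no validation type set accepts a request from the unrelated device; both validated entries reject it.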

IMPACT

A malicious domain, given access to a device which is bus mastering capable, can mount a denial of service attack affecting the whole system.

VULNERABLE SYSTEMS

Xen version 4.0 onwards is vulnerable.
Only systems using Intel VT-d for PCI passthrough are vulnerable.
Any domain which is given access to a PCI device that is bus mastering capable can take advantage of this vulnerability.