Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
xen.36362
xsa461.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa461.patch of Package xen.36362
Subject: x86/pass-through: documents as security-unsupported when sharing resources From: Jan Beulich jbeulich@suse.com Tue Aug 13 16:52:44 2024 +0200 Date: Tue Aug 13 16:52:44 2024 +0200: Git: 638f21616a7a9e94ebae134573ca42d977a65063 When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. This is XSA-461 / CVE-2024-31146. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> master commit: 9c94eda1e3790820699a6de3f6a7c959ecf30600 master date: 2024-08-13 16:37:25 +0200 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -715,6 +715,11 @@ This feature is not security supported: Only systems using IOMMUs are supported. +Passing through of devices sharing resources with another device is not +security supported. Such sharing could e.g. be the same line interrupt being +used by multiple devices, one of which is to be passed through, or two such +devices having memory BARs within the same 4k page. + Not compatible with migration, populate-on-demand, altp2m, introspection, memory sharing, or memory paging.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor