aboutsummaryrefslogtreecommitdiffstats
path: root/main/xen/xsa386.patch
diff options
context:
space:
mode:
authorDaniel NĂ©ri <dne+alpine@mayonnaise.net>2021-11-21 02:16:01 +0100
committerAriadne Conill <ariadne@dereferenced.org>2021-11-23 17:10:17 -0600
commit55db10b41125d69e622840e6b3ca01a5da7965fa (patch)
tree63b8112a494243f9b4f159cb2f879c360ef70e95 /main/xen/xsa386.patch
parent0ad6c9c349f2b470ebf7c805e174d7a53798ec50 (diff)
main/xen: security fix for XSA-386/CVE-2021-28702
Diffstat (limited to 'main/xen/xsa386.patch')
-rw-r--r--main/xen/xsa386.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/main/xen/xsa386.patch b/main/xen/xsa386.patch
new file mode 100644
index 00000000000..83f24d30d53
--- /dev/null
+++ b/main/xen/xsa386.patch
@@ -0,0 +1,29 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: VT-d: fix deassign of device with RMRR
+Date: Fri, 1 Oct 2021 15:05:42 +0200
+
+Ignoring a specific error code here was not meant to short circuit
+deassign to _just_ the unmapping of RMRRs. This bug was previously
+hidden by the bogus (potentially indefinite) looping in
+pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain
+cleanup continue when device de-assignment failed") fixed that loop.
+
+This is CVE-2021-28702 / XSA-386.
+
+Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
+Reported-by: Ivan Kardykov <kardykov@tabit.pro>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Tested-by: Ivan Kardykov <kardykov@tabit.pro>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -2409,7 +2409,7 @@ static int reassign_device_ownership(
+ ret = iommu_identity_mapping(source, p2m_access_x,
+ rmrr->base_address,
+ rmrr->end_address, 0);
+- if ( ret != -ENOENT )
++ if ( ret && ret != -ENOENT )
+ return ret;
+ }
+ }
+
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-18 08:45:30 +0000