diff options
author | Daniel NĂ©ri <dne+alpine@mayonnaise.net> | 2021-11-21 02:16:01 +0100 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-11-23 17:10:17 -0600 |
commit | 55db10b41125d69e622840e6b3ca01a5da7965fa (patch) | |
tree | 63b8112a494243f9b4f159cb2f879c360ef70e95 /main/xen/xsa386.patch | |
parent | 0ad6c9c349f2b470ebf7c805e174d7a53798ec50 (diff) |
main/xen: security fix for XSA-386/CVE-2021-28702
Diffstat (limited to 'main/xen/xsa386.patch')
-rw-r--r-- | main/xen/xsa386.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/main/xen/xsa386.patch b/main/xen/xsa386.patch new file mode 100644 index 00000000000..83f24d30d53 --- /dev/null +++ b/main/xen/xsa386.patch @@ -0,0 +1,29 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: VT-d: fix deassign of device with RMRR +Date: Fri, 1 Oct 2021 15:05:42 +0200 + +Ignoring a specific error code here was not meant to short circuit +deassign to _just_ the unmapping of RMRRs. This bug was previously +hidden by the bogus (potentially indefinite) looping in +pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain +cleanup continue when device de-assignment failed") fixed that loop. + +This is CVE-2021-28702 / XSA-386. + +Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling") +Reported-by: Ivan Kardykov <kardykov@tabit.pro> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Tested-by: Ivan Kardykov <kardykov@tabit.pro> + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -2409,7 +2409,7 @@ static int reassign_device_ownership( + ret = iommu_identity_mapping(source, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); +- if ( ret != -ENOENT ) ++ if ( ret && ret != -ENOENT ) + return ret; + } + } + |