[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.2] x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
commit 46345224b938cd17e2440380b7430f86e93a3424 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Jun 3 16:11:52 2014 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Jun 3 16:11:52 2014 +0200 x86/HVM: eliminate vulnerabilities from hvm_inject_msi() - pirq_info() returns NULL for a non-allocated pIRQ, and hence we mustn't unconditionally de-reference it, and we need to invoke it another time after having called map_domain_emuirq_pirq() - don't use printk(), namely without XENLOG_GUEST, for error reporting This is XSA-96. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 6f4cc0ac41625a054861b417ea1fc3ab88e2e40a master date: 2014-06-03 15:17:14 +0200 --- xen/arch/x86/hvm/irq.c | 10 ++++------ 1 files changed, 4 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c index f44f3b9..87f656d 100644 --- a/xen/arch/x86/hvm/irq.c +++ b/xen/arch/x86/hvm/irq.c @@ -289,20 +289,18 @@ void hvm_inject_msi(struct domain *d, uint64_t addr, uint32_t data) struct pirq *info = pirq_info(d, pirq); /* if it is the first time, allocate the pirq */ - if (info->arch.hvm.emuirq == IRQ_UNBOUND) + if ( !info || info->arch.hvm.emuirq == IRQ_UNBOUND ) { spin_lock(&d->event_lock); map_domain_emuirq_pirq(d, pirq, IRQ_MSI_EMU); spin_unlock(&d->event_lock); + info = pirq_info(d, pirq); + if ( !info ) + return; } else if (info->arch.hvm.emuirq != IRQ_MSI_EMU) - { - printk("%s: pirq %d does not correspond to an emulated MSI\n", __func__, pirq); return; - } send_guest_pirq(d, info); return; - } else { - printk("%s: error getting pirq from MSI: pirq = %d\n", __func__, pirq); } } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.2 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |