[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.2] x86/HVM: eliminate vulnerabilities from hvm_inject_msi()

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Sun, 08 Jun 2014 14:44:56 +0000
Delivery-date: Sun, 08 Jun 2014 14:45:00 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 46345224b938cd17e2440380b7430f86e93a3424
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jun 3 16:11:52 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jun 3 16:11:52 2014 +0200

    x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
    
    - pirq_info() returns NULL for a non-allocated pIRQ, and hence we
      mustn't unconditionally de-reference it, and we need to invoke it
      another time after having called map_domain_emuirq_pirq()
    - don't use printk(), namely without XENLOG_GUEST, for error reporting
    
    This is XSA-96.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 6f4cc0ac41625a054861b417ea1fc3ab88e2e40a
    master date: 2014-06-03 15:17:14 +0200
---
 xen/arch/x86/hvm/irq.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c
index f44f3b9..87f656d 100644
--- a/xen/arch/x86/hvm/irq.c
+++ b/xen/arch/x86/hvm/irq.c
@@ -289,20 +289,18 @@ void hvm_inject_msi(struct domain *d, uint64_t addr, 
uint32_t data)
             struct pirq *info = pirq_info(d, pirq);
 
             /* if it is the first time, allocate the pirq */
-            if (info->arch.hvm.emuirq == IRQ_UNBOUND)
+            if ( !info || info->arch.hvm.emuirq == IRQ_UNBOUND )
             {
                 spin_lock(&d->event_lock);
                 map_domain_emuirq_pirq(d, pirq, IRQ_MSI_EMU);
                 spin_unlock(&d->event_lock);
+                info = pirq_info(d, pirq);
+                if ( !info )
+                    return;
             } else if (info->arch.hvm.emuirq != IRQ_MSI_EMU)
-            {
-                printk("%s: pirq %d does not correspond to an emulated MSI\n", 
__func__, pirq);
                 return;
-            }
             send_guest_pirq(d, info);
             return;
-        } else {
-            printk("%s: error getting pirq from MSI: pirq = %d\n", __func__, 
pirq);
         }
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.2] timers: set the deadline more accurately
Next by Date: [Xen-changelog] [xen stable-4.2] Revert "ACPI/ERST: fix table mapping"
Previous by thread: [Xen-changelog] [xen stable-4.2] timers: set the deadline more accurately
Next by thread: [Xen-changelog] [xen stable-4.2] Revert "ACPI/ERST: fix table mapping"
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.