[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.12] VT-d: fix deassign of device with RMRR
commit 95172a6347111247287ca6d7966aff69aa379965 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Fri Oct 1 15:05:42 2021 +0200 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Tue Oct 5 19:49:16 2021 +0100 VT-d: fix deassign of device with RMRR Ignoring a specific error code here was not meant to short circuit deassign to _just_ the unmapping of RMRRs. This bug was previously hidden by the bogus (potentially indefinite) looping in pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain cleanup continue when device de-assignment failed") fixed that loop. This is CVE-2021-28702 / XSA-386. Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling") Reported-by: Ivan Kardykov <kardykov@xxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Tested-by: Ivan Kardykov <kardykov@xxxxxxxxx> (cherry picked from commit 24ebe875a77833696bbe5c9372e9e1590a7e7101) --- xen/drivers/passthrough/vtd/iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index ef33111fd0..d8393d31d8 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2353,7 +2353,7 @@ static int reassign_device_ownership( ret = iommu_identity_mapping(source, p2m_access_x, rmrr->base_address, rmrr->end_address, 0); - if ( ret != -ENOENT ) + if ( ret && ret != -ENOENT ) return ret; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |