[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.16] VT-d: fix (de)assign ordering when RMRRs are in use
commit 2c0e367013f7f17753b48f2bd5ed34d85dcb8881 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Apr 5 14:44:14 2022 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Apr 5 14:44:14 2022 +0200 VT-d: fix (de)assign ordering when RMRRs are in use In the event that the RMRR mappings are essential for device operation, they should be established before updating the device's context entry, while they should be torn down only after the device's context entry was successfully updated. Also adjust a related log message. This is CVE-2022-26358 / part of XSA-400. Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling") Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Paul Durrant <paul@xxxxxxx> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx> master commit: 78a40f8b5dfa1a3aec43528663f39473d4429101 master date: 2022-04-05 14:15:33 +0200 --- xen/drivers/passthrough/vtd/iommu.c | 56 ++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c index a1645d3372..5e3740feb6 100644 --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -2419,6 +2419,10 @@ static int reassign_device_ownership( { int ret; + ret = domain_context_unmap(source, devfn, pdev); + if ( ret ) + return ret; + /* * Devices assigned to untrusted domains (here assumed to be any domU) * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected @@ -2455,10 +2459,6 @@ static int reassign_device_ownership( } } - ret = domain_context_unmap(source, devfn, pdev); - if ( ret ) - return ret; - if ( devfn == pdev->devfn && pdev->domain != dom_io ) { list_move(&pdev->domain_list, &dom_io->pdev_list); @@ -2534,9 +2534,8 @@ static int intel_iommu_assign_device( } } - ret = reassign_device_ownership(s, d, devfn, pdev); - if ( ret || d == dom_io ) - return ret; + if ( d == dom_io ) + return reassign_device_ownership(s, d, devfn, pdev); /* Setup rmrr identity mapping */ for_each_rmrr_device( rmrr, bdf, i ) @@ -2549,20 +2548,37 @@ static int intel_iommu_assign_device( rmrr->end_address, flag); if ( ret ) { - int rc; - - rc = reassign_device_ownership(d, s, devfn, pdev); printk(XENLOG_G_ERR VTDPREFIX - " cannot map reserved region (%"PRIx64",%"PRIx64"] for Dom%d (%d)\n", - rmrr->base_address, rmrr->end_address, - d->domain_id, ret); - if ( rc ) - { - printk(XENLOG_ERR VTDPREFIX - " failed to reclaim %pp from %pd (%d)\n", - &PCI_SBDF3(seg, bus, devfn), d, rc); - domain_crash(d); - } + "%pd: cannot map reserved region [%"PRIx64",%"PRIx64"]: %d\n", + d, rmrr->base_address, rmrr->end_address, ret); + break; + } + } + } + + if ( !ret ) + ret = reassign_device_ownership(s, d, devfn, pdev); + + /* See reassign_device_ownership() for the hwdom aspect. */ + if ( !ret || is_hardware_domain(d) ) + return ret; + + for_each_rmrr_device( rmrr, bdf, i ) + { + if ( rmrr->segment == seg && + PCI_BUS(bdf) == bus && + PCI_DEVFN2(bdf) == devfn ) + { + int rc = iommu_identity_mapping(d, p2m_access_x, + rmrr->base_address, + rmrr->end_address, 0); + + if ( rc && rc != -ENOENT ) + { + printk(XENLOG_ERR VTDPREFIX + "%pd: cannot unmap reserved region [%"PRIx64",%"PRIx64"]: %d\n", + d, rmrr->base_address, rmrr->end_address, rc); + domain_crash(d); break; } } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |