[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.16] pci: fail device assignment if phantom functions cannot be assigned
*** New tip has no discernable common ancestor with previous history *** Previously reported histories end at: 1bdd7c438b399e2ecce9e3c72bd7c1ae56df60f8 commit e481fc9f32339ebf9ddd171a3995a3e44527d148 Author: Roger Pau Monné <roger.pau@xxxxxxxxxx> AuthorDate: Tue Jan 30 14:42:41 2024 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Jan 30 14:42:41 2024 +0100 pci: fail device assignment if phantom functions cannot be assigned The current behavior is that no error is reported if (some) phantom functions fail to be assigned during device add or assignment, so the operation succeeds even if some phantom functions are not correctly setup. This can lead to devices possibly being successfully assigned to a domU while some of the device phantom functions are still assigned to dom0. Even when the device is assigned domIO before being assigned to a domU phantom functions might fail to be assigned to domIO, and also fail to be assigned to the domU, leaving them assigned to dom0. Since the device can generate requests using the IDs of those phantom functions, given the scenario above a device in such state would be in control of a domU, but still capable of generating transactions that use a context ID targeting dom0 owned memory. Modify device assign in order to attempt to deassign the device if phantom functions failed to be assigned. Note that device addition is not modified in the same way, as in that case the device is assigned to a trusted domain, and hence partial assign can lead to device malfunction but not a security issue. This is XSA-449 / CVE-2023-46839 Fixes: 4e9950dc1bd2 ('IOMMU: add phantom function support') Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: cb4ecb3cc17b02c2814bc817efd05f3f3ba33d1e master date: 2024-01-30 14:28:01 +0100 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.16
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |