Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
diff options
context:
space:
mode:
Diffstat (limited to '0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch')
-rw-r--r--0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch b/0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
new file mode 100644
index 0000000..686e142
--- /dev/null
+++ b/0053-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
@@ -0,0 +1,53 @@
+From d46a1ce3175dc45e97a8c9b89b0d0ff46145ae64 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 16 Jul 2024 14:14:43 +0200
+Subject: [PATCH 53/56] x86/IRQ: avoid double unlock in map_domain_pirq()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Forever since its introduction the main loop in the function dealing
+with multi-vector MSI had error exit points ("break") with different
+properties: In one case no IRQ descriptor lock is being held.
+Nevertheless the subsequent error cleanup path assumed such a lock would
+uniformly need releasing. Identify the case by setting "desc" to NULL,
+thus allowing the unlock to be skipped as necessary.
+
+This is CVE-2024-31143 / XSA-458.
+
+Coverity ID: 1605298
+Fixes: d1b6d0a02489 ("x86: enable multi-vector MSI")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+master commit: 57338346f29cea7b183403561bdc5f407163b846
+master date: 2024-07-16 14:09:14 +0200
+---
+ xen/arch/x86/irq.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
+index 00be3b88e8..5dae8bd1b9 100644
+--- a/xen/arch/x86/irq.c
++++ b/xen/arch/x86/irq.c
+@@ -2287,6 +2287,7 @@ int map_domain_pirq(
+
+ set_domain_irq_pirq(d, irq, info);
+ spin_unlock_irqrestore(&desc->lock, flags);
++ desc = NULL;
+
+ info = NULL;
+ irq = create_irq(NUMA_NO_NODE, true);
+@@ -2322,7 +2323,9 @@ int map_domain_pirq(
+
+ if ( ret )
+ {
+- spin_unlock_irqrestore(&desc->lock, flags);
++ if ( desc )
++ spin_unlock_irqrestore(&desc->lock, flags);
++
+ pci_disable_msi(msi_desc);
+ if ( nr )
+ {
+--
+2.45.2
+