Diffstat (limited to '0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch')
-rw-r--r--0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch50
1 files changed, 0 insertions, 50 deletions
diff --git a/0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch b/0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch
deleted file mode 100644
index b638eca..0000000
--- a/0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From d0cb66d59a956ccba3dbe794f4ec01e4a4269ee9 Mon Sep 17 00:00:00 2001
-From: Jan Beulich <jbeulich@suse.com>
-Date: Tue, 21 Mar 2023 12:01:01 +0000
-Subject: [PATCH 61/89] x86/HVM: bound number of pinned cache attribute regions
-
-This is exposed via DMOP, i.e. to potentially not fully privileged
-device models. With that we may not permit registration of an (almost)
-unbounded amount of such regions.
-
-This is CVE-2022-42333 / part of XSA-428.
-
-Fixes: 642123c5123f ("x86/hvm: provide XEN_DMOP_pin_memory_cacheattr")
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-(cherry picked from commit a5e768640f786b681063f4e08af45d0c4e91debf)
----
- xen/arch/x86/hvm/mtrr.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c
-index 4d2aa6def8..714911dd7f 100644
---- a/xen/arch/x86/hvm/mtrr.c
-+++ b/xen/arch/x86/hvm/mtrr.c
-@@ -595,6 +595,7 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start,
- uint64_t gfn_end, uint32_t type)
- {
- struct hvm_mem_pinned_cacheattr_range *range;
-+ unsigned int nr = 0;
- int rc = 1;
-
- if ( !is_hvm_domain(d) )
-@@ -666,11 +667,15 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start,
- rc = -EBUSY;
- break;
- }
-+ ++nr;
- }
- rcu_read_unlock(&pinned_cacheattr_rcu_lock);
- if ( rc <= 0 )
- return rc;
-
-+ if ( nr >= 64 /* The limit is arbitrary. */ )
-+ return -ENOSPC;
-+
- range = xzalloc(struct hvm_mem_pinned_cacheattr_range);
- if ( range == NULL )
- return -ENOMEM;
---
-2.40.0
-