diff options
author | bill-auger <mr.j.spam.me@gmail.com> | 2022-04-03 16:12:17 -0400 |
---|---|---|
committer | bill-auger <mr.j.spam.me@gmail.com> | 2022-04-03 16:21:37 -0400 |
commit | 848886d6e6d72d34d1b922384f64f5efe58443c3 (patch) | |
tree | 1c1a768deec03a689cd6b0e86ff63f8de70d3b2d /pcr/xen/xsa395.patch | |
parent | 7a1bb990a57534759265f37fc1c688057201ed9c (diff) | |
download | abslibre-848886d6e6d72d34d1b922384f64f5efe58443c3.tar.gz abslibre-848886d6e6d72d34d1b922384f64f5efe58443c3.tar.bz2 abslibre-848886d6e6d72d34d1b922384f64f5efe58443c3.zip |
[xen]: avoid publishing 'any' docs package to 32-bit repos
Diffstat (limited to 'pcr/xen/xsa395.patch')
-rw-r--r-- | pcr/xen/xsa395.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/pcr/xen/xsa395.patch b/pcr/xen/xsa395.patch new file mode 100644 index 000000000..13b731102 --- /dev/null +++ b/pcr/xen/xsa395.patch @@ -0,0 +1,42 @@ +From 4cc924c3e3a0d53306d08b04720c427d1c298ba8 Mon Sep 17 00:00:00 2001 +From: Julien Grall <jgrall@amazon.com> +Date: Wed, 5 Jan 2022 18:09:20 +0000 +Subject: [PATCH] passthrough/x86: stop pirq iteration immediately in case of + error + +pt_pirq_iterate() will iterate in batch over all the PIRQs. The outer +loop will bail out if 'rc' is non-zero but the inner loop will continue. + +This means 'rc' will get clobbered and we may miss any errors (such as +-ERESTART in the case of the callback pci_clean_dpci_irq()). + +This is CVE-2022-23035 / XSA-395. + +Fixes: c24536b636f2 ("replace d->nr_pirqs sized arrays with radix tree") +Fixes: f6dd295381f4 ("dpci: replace tasklet with softirq") +Signed-off-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> +--- + xen/drivers/passthrough/x86/hvm.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c +index 351daafdc9bf..0b37cd145b60 100644 +--- a/xen/drivers/passthrough/x86/hvm.c ++++ b/xen/drivers/passthrough/x86/hvm.c +@@ -732,7 +732,11 @@ int pt_pirq_iterate(struct domain *d, + + pirq = pirqs[i]->pirq; + if ( (pirq_dpci->flags & HVM_IRQ_DPCI_MAPPED) ) ++ { + rc = cb(d, pirq_dpci, arg); ++ if ( rc ) ++ break; ++ } + } + } while ( !rc && ++pirq < d->nr_pirqs && n == ARRAY_SIZE(pirqs) ); + +-- +2.32.0 + |