Attachment 875856 Details for Bug 1227355

[patch] Attached patch

xsa458.patch (text/plain), 1.28 KB, created by Carlos López on 2024-07-03 17:30:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Carlos López

Created: 2024-07-03 17:30:36 UTC

Size: 1.28 KB

patch

obsolete

>From: Jan Beulich <jbeulich@suse.com>
>Subject: x86/IRQ: avoid double unlock in map_domain_pirq()
>
>Forever since its introduction the main loop in the function dealing
>with multi-vector MSI had error exit points ("break") with different
>properties: In one case no IRQ descriptor lock is being held.
>Nevertheless the subsequent error cleanup path assumed such a lock would
>uniformly need releasing. Identify the case by setting "desc" to NULL,
>thus allowing the unlock to be skipped as necessary.
>
>This is CVE-2024-31143 / XSA-458.
>
>Coverity ID: 1605298
>Fixes: d1b6d0a02489 ("x86: enable multi-vector MSI")
>Signed-off-by: Jan Beulich <jbeulich@suse.com>
>Reviewed-by: Roger Pau MonnÃ© <roger.pau@citrix.com>
>
>--- a/xen/arch/x86/irq.c
>+++ b/xen/arch/x86/irq.c
>@@ -2273,6 +2273,7 @@ int map_domain_pirq(
> 
>             set_domain_irq_pirq(d, irq, info);
>             spin_unlock_irqrestore(&desc->lock, flags);
>+            desc = NULL;
> 
>             info = NULL;
>             irq = create_irq(NUMA_NO_NODE, true);
>@@ -2308,7 +2309,9 @@ int map_domain_pirq(
> 
>         if ( ret )
>         {
>-            spin_unlock_irqrestore(&desc->lock, flags);
>+            if ( desc )
>+                spin_unlock_irqrestore(&desc->lock, flags);
>+
>             pci_disable_msi(msi_desc);
>             if ( nr )
>             {

Actions: View | Diff

Attachments on bug 1227355: 875856