|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
commit 6f4cc0ac41625a054861b417ea1fc3ab88e2e40a
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jun 3 15:17:14 2014 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jun 3 15:17:14 2014 +0200
x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
- pirq_info() returns NULL for a non-allocated pIRQ, and hence we
mustn't unconditionally de-reference it, and we need to invoke it
another time after having called map_domain_emuirq_pirq()
- don't use printk(), namely without XENLOG_GUEST, for error reporting
This is XSA-96.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/hvm/irq.c | 10 ++++------
1 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c
index cb34b21..ab7d67e 100644
--- a/xen/arch/x86/hvm/irq.c
+++ b/xen/arch/x86/hvm/irq.c
@@ -290,20 +290,18 @@ void hvm_inject_msi(struct domain *d, uint64_t addr,
uint32_t data)
struct pirq *info = pirq_info(d, pirq);
/* if it is the first time, allocate the pirq */
- if (info->arch.hvm.emuirq == IRQ_UNBOUND)
+ if ( !info || info->arch.hvm.emuirq == IRQ_UNBOUND )
{
spin_lock(&d->event_lock);
map_domain_emuirq_pirq(d, pirq, IRQ_MSI_EMU);
spin_unlock(&d->event_lock);
+ info = pirq_info(d, pirq);
+ if ( !info )
+ return;
} else if (info->arch.hvm.emuirq != IRQ_MSI_EMU)
- {
- printk("%s: pirq %d does not correspond to an emulated MSI\n",
__func__, pirq);
return;
- }
send_guest_pirq(d, info);
return;
- } else {
- printk("%s: error getting pirq from MSI: pirq = %d\n", __func__,
pirq);
}
}
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |