[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.18] x86/IRQ: avoid double unlock in map_domain_pirq()
commit d46a1ce3175dc45e97a8c9b89b0d0ff46145ae64 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Jul 16 14:14:43 2024 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Jul 16 14:14:43 2024 +0200 x86/IRQ: avoid double unlock in map_domain_pirq() Forever since its introduction the main loop in the function dealing with multi-vector MSI had error exit points ("break") with different properties: In one case no IRQ descriptor lock is being held. Nevertheless the subsequent error cleanup path assumed such a lock would uniformly need releasing. Identify the case by setting "desc" to NULL, thus allowing the unlock to be skipped as necessary. This is CVE-2024-31143 / XSA-458. Coverity ID: 1605298 Fixes: d1b6d0a02489 ("x86: enable multi-vector MSI") Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> master commit: 57338346f29cea7b183403561bdc5f407163b846 master date: 2024-07-16 14:09:14 +0200 --- xen/arch/x86/irq.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 00be3b88e8..5dae8bd1b9 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -2287,6 +2287,7 @@ int map_domain_pirq( set_domain_irq_pirq(d, irq, info); spin_unlock_irqrestore(&desc->lock, flags); + desc = NULL; info = NULL; irq = create_irq(NUMA_NO_NODE, true); @@ -2322,7 +2323,9 @@ int map_domain_pirq( if ( ret ) { - spin_unlock_irqrestore(&desc->lock, flags); + if ( desc ) + spin_unlock_irqrestore(&desc->lock, flags); + pci_disable_msi(msi_desc); if ( nr ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.18
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |