[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.18] x86/IRQ: avoid double unlock in map_domain_pirq()



commit d46a1ce3175dc45e97a8c9b89b0d0ff46145ae64
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jul 16 14:14:43 2024 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jul 16 14:14:43 2024 +0200

    x86/IRQ: avoid double unlock in map_domain_pirq()
    
    Forever since its introduction the main loop in the function dealing
    with multi-vector MSI had error exit points ("break") with different
    properties: In one case no IRQ descriptor lock is being held.
    Nevertheless the subsequent error cleanup path assumed such a lock would
    uniformly need releasing. Identify the case by setting "desc" to NULL,
    thus allowing the unlock to be skipped as necessary.
    
    This is CVE-2024-31143 / XSA-458.
    
    Coverity ID: 1605298
    Fixes: d1b6d0a02489 ("x86: enable multi-vector MSI")
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    master commit: 57338346f29cea7b183403561bdc5f407163b846
    master date: 2024-07-16 14:09:14 +0200
---
 xen/arch/x86/irq.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index 00be3b88e8..5dae8bd1b9 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -2287,6 +2287,7 @@ int map_domain_pirq(
 
             set_domain_irq_pirq(d, irq, info);
             spin_unlock_irqrestore(&desc->lock, flags);
+            desc = NULL;
 
             info = NULL;
             irq = create_irq(NUMA_NO_NODE, true);
@@ -2322,7 +2323,9 @@ int map_domain_pirq(
 
         if ( ret )
         {
-            spin_unlock_irqrestore(&desc->lock, flags);
+            if ( desc )
+                spin_unlock_irqrestore(&desc->lock, flags);
+
             pci_disable_msi(msi_desc);
             if ( nr )
             {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.18



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.