]> xenbits.xensource.com Git - xen.git/commitdiff
projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f2b6c5)
VT-d: fix deassign of device with RMRR
authorJan Beulich <jbeulich@suse.com>
Fri, 1 Oct 2021 13:05:42 +0000 (15:05 +0200)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 5 Oct 2021 18:49:07 +0000 (19:49 +0100)
Ignoring a specific error code here was not meant to short circuit
deassign to _just_ the unmapping of RMRRs. This bug was previously
hidden by the bogus (potentially indefinite) looping in
pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain
cleanup continue when device de-assignment failed") fixed that loop.

This is CVE-2021-28702 / XSA-386.

Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
Reported-by: Ivan Kardykov <kardykov@tabit.pro>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Ivan Kardykov <kardykov@tabit.pro>
(cherry picked from commit 24ebe875a77833696bbe5c9372e9e1590a7e7101)

xen/drivers/passthrough/vtd/iommu.c patch | blob | blame | history

diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index ab3c5c18451ddf41bce22f574f428b1e8ebe7438..4f6bb996d09e43ee9ac901d1d3bac9d0f8b1e6a2 100644 (file)
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2408,7 +2408,7 @@ static int reassign_device_ownership(
                 ret = iommu_identity_mapping(source, p2m_access_x,
                                              rmrr->base_address,
                                              rmrr->end_address, 0);
-                if ( ret != -ENOENT )
+                if ( ret && ret != -ENOENT )
                     return ret;
             }
     }
Xen (staging and unstable) mirror