Diffstat (limited to '0044-x86-HAP-adjust-monitor-table-related-error-handling.patch')
-rw-r--r-- | 0044-x86-HAP-adjust-monitor-table-related-error-handling.patch | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/0044-x86-HAP-adjust-monitor-table-related-error-handling.patch b/0044-x86-HAP-adjust-monitor-table-related-error-handling.patch
deleted file mode 100644
index 97a55a5..0000000
--- a/0044-x86-HAP-adjust-monitor-table-related-error-handling.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From d24a10a91d46a56e1d406239643ec651a31033d4 Mon Sep 17 00:00:00 2001
-From: Jan Beulich <jbeulich@suse.com>
-Date: Tue, 11 Oct 2022 15:07:42 +0200
-Subject: [PATCH 044/126] x86/HAP: adjust monitor table related error handling
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-hap_make_monitor_table() will return INVALID_MFN if it encounters an
-error condition, but hap_update_paging_modes() wasn’t handling this
-value, resulting in an inappropriate value being stored in
-monitor_table. This would subsequently misguide at least
-hap_vcpu_teardown(). Avoid this by bailing early.
-
-Further, when a domain has/was already crashed or (perhaps less
-important as there's no such path known to lead here) is already dying,
-avoid calling domain_crash() on it again - that's at best confusing.
-
-This is part of CVE-2022-33746 / XSA-410.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
-master commit: 5b44a61180f4f2e4f490a28400c884dd357ff45d
-master date: 2022-10-11 14:21:56 +0200
----
- xen/arch/x86/mm/hap/hap.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c
-index a8f5a19da917..d75dc2b9ed3d 100644
---- a/xen/arch/x86/mm/hap/hap.c
-+++ b/xen/arch/x86/mm/hap/hap.c
-@@ -39,6 +39,7 @@
- #include <asm/domain.h>
- #include <xen/numa.h>
- #include <asm/hvm/nestedhvm.h>
-+#include <public/sched.h>
-
- #include "private.h"
-
-@@ -405,8 +406,13 @@ static mfn_t hap_make_monitor_table(struct vcpu *v)
- return m4mfn;
-
- oom:
-- printk(XENLOG_G_ERR "out of memory building monitor pagetable\n");
-- domain_crash(d);
-+ if ( !d->is_dying &&
-+ (!d->is_shutting_down || d->shutdown_code != SHUTDOWN_crash) )
-+ {
-+ printk(XENLOG_G_ERR "%pd: out of memory building monitor pagetable\n",
-+ d);
-+ domain_crash(d);
-+ }
- return INVALID_MFN;
- }
-
-@@ -766,6 +772,9 @@ static void hap_update_paging_modes(struct vcpu *v)
- if ( pagetable_is_null(v->arch.hvm.monitor_table) )
- {
- mfn_t mmfn = hap_make_monitor_table(v);
-+
-+ if ( mfn_eq(mmfn, INVALID_MFN) )
-+ goto unlock;
- v->arch.hvm.monitor_table = pagetable_from_mfn(mmfn);
- make_cr3(v, mmfn);
- hvm_update_host_cr3(v);
-@@ -774,6 +783,7 @@ static void hap_update_paging_modes(struct vcpu *v)
- /* CR3 is effectively updated by a mode change. Flush ASIDs, etc. */
- hap_update_cr3(v, 0, false);
-
-+ unlock:
- paging_unlock(d);
- put_gfn(d, cr3_gfn);
- }
---
-2.37.4
-
|