1 x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
3 - pirq_info() returns NULL for a non-allocated pIRQ, and hence we
4 mustn't unconditionally de-reference it, and we need to invoke it
5 another time after having called map_domain_emuirq_pirq()
5 - don't use printk() (in particular not without XENLOG_GUEST) for error reporting
10 Signed-off-by: Jan Beulich <jbeulich@suse.com>
12 --- a/xen/arch/x86/hvm/irq.c
13 +++ b/xen/arch/x86/hvm/irq.c
14 @@ -289,20 +289,18 @@ void hvm_inject_msi(struct domain *d, ui
15 struct pirq *info = pirq_info(d, pirq);
17 /* if it is the first time, allocate the pirq */
18 - if (info->arch.hvm.emuirq == IRQ_UNBOUND)
19 + if ( !info || info->arch.hvm.emuirq == IRQ_UNBOUND )
21 spin_lock(&d->event_lock);
22 map_domain_emuirq_pirq(d, pirq, IRQ_MSI_EMU);
23 spin_unlock(&d->event_lock);
24 + info = pirq_info(d, pirq);
27 } else if (info->arch.hvm.emuirq != IRQ_MSI_EMU)
29 - printk("%s: pirq %d does not correspond to an emulated MSI\n", __func__, pirq);
32 send_guest_pirq(d, info);
35 - printk("%s: error getting pirq from MSI: pirq = %d\n", __func__, pirq);