xsa96.patch

   1 x86/HVM: eliminate vulnerabilities from hvm_inject_msi()
   2
   3 - pirq_info() returns NULL for a non-allocated pIRQ, and hence we
   4   mustn't unconditionally de-reference it, and we need to invoke it
   5   another time after having called map_domain_emuirq_pirq()
   6 - don't use printk(), namely without XENLOG_GUEST, for error reporting
   7
   8 This is XSA-96.
   9
  10 Signed-off-by: Jan Beulich <jbeulich@suse.com>
  11
  12 --- a/xen/arch/x86/hvm/irq.c
  13 +++ b/xen/arch/x86/hvm/irq.c
  14 @@ -289,20 +289,18 @@ void hvm_inject_msi(struct domain *d, ui
  15              struct pirq *info = pirq_info(d, pirq);
  16
  17              /* if it is the first time, allocate the pirq */
  18 -            if (info->arch.hvm.emuirq == IRQ_UNBOUND)
  19 +            if ( !info || info->arch.hvm.emuirq == IRQ_UNBOUND )
  20              {
  21                  spin_lock(&d->event_lock);
  22                  map_domain_emuirq_pirq(d, pirq, IRQ_MSI_EMU);
  23                  spin_unlock(&d->event_lock);
  24 +                info = pirq_info(d, pirq);
  25 +                if ( !info )
  26 +                    return;
  27              } else if (info->arch.hvm.emuirq != IRQ_MSI_EMU)
  28 -            {
  29 -                printk("%s: pirq %d does not correspond to an emulated MSI\n", __func__, pirq);
  30                  return;
  31 -            }
  32              send_guest_pirq(d, info);
  33              return;
  34 -        } else {
  35 -            printk("%s: error getting pirq from MSI: pirq = %d\n", __func__, pirq);
  36          }
  37      }
  38