aboutsummaryrefslogtreecommitdiff
path: root/system/xen/xsa/xsa334.patch
diff options
context:
space:
mode:
authorMario Preksavec <mario@slackware.hr>2020-10-24 04:54:05 +0200
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2020-10-31 11:15:50 +0700
commit8fc56a989afed0c85eaeda409e947ff5ad827309 (patch)
tree990d8049d06b8e4a9ab065ccb39b4e87f6ff67cd /system/xen/xsa/xsa334.patch
parentfc33e724f1bc05144ca50676f39e1bd0f3a4aba6 (diff)
system/xen: XSA 333-347 update.
Signed-off-by: Mario Preksavec <mario@slackware.hr> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/xen/xsa/xsa334.patch')
-rw-r--r--system/xen/xsa/xsa334.patch51
1 files changed, 51 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa334.patch b/system/xen/xsa/xsa334.patch
new file mode 100644
index 000000000000..4260cdb2b2db
--- /dev/null
+++ b/system/xen/xsa/xsa334.patch
@@ -0,0 +1,51 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: xen/memory: Don't skip the RCU unlock path in acquire_resource()
+
+In the case that an HVM Stubdomain makes an XENMEM_acquire_resource hypercall,
+the FIXME path will bypass rcu_unlock_domain() on the way out of the function.
+
+Move the check to the start of the function. This does change the behaviour
+of the get-size path for HVM Stubdomains, but that functionality is currently
+broken and unused anyway, as well as being quite useless to entities which
+can't actually map the resource anyway.
+
+This is XSA-334.
+
+Fixes: 83fa6552ce ("common: add a new mappable resource type: XENMEM_resource_grant_table")
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/xen/common/memory.c b/xen/common/memory.c
+index 1a3c9ffb30..29741d8904 100644
+--- a/xen/common/memory.c
++++ b/xen/common/memory.c
+@@ -1058,6 +1058,14 @@ static int acquire_resource(
+ xen_pfn_t mfn_list[32];
+ int rc;
+
++ /*
++ * FIXME: Until foreign pages inserted into the P2M are properly
++ * reference counted, it is unsafe to allow mapping of
++ * resource pages unless the caller is the hardware domain.
++ */
++ if ( paging_mode_translate(currd) && !is_hardware_domain(currd) )
++ return -EACCES;
++
+ if ( copy_from_guest(&xmar, arg, 1) )
+ return -EFAULT;
+
+@@ -1114,14 +1122,6 @@ static int acquire_resource(
+ xen_pfn_t gfn_list[ARRAY_SIZE(mfn_list)];
+ unsigned int i;
+
+- /*
+- * FIXME: Until foreign pages inserted into the P2M are properly
+- * reference counted, it is unsafe to allow mapping of
+- * resource pages unless the caller is the hardware domain.
+- */
+- if ( !is_hardware_domain(currd) )
+- return -EACCES;
+-
+ if ( copy_from_guest(gfn_list, xmar.frame_list, xmar.nr_frames) )
+ rc = -EFAULT;
+