From 8fc56a989afed0c85eaeda409e947ff5ad827309 Mon Sep 17 00:00:00 2001 From: Mario Preksavec Date: Sat, 24 Oct 2020 04:54:05 +0200 Subject: system/xen: XSA 333-347 update. Signed-off-by: Mario Preksavec Signed-off-by: Willy Sudiarto Raharjo --- system/xen/xsa/xsa334.patch | 51 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 system/xen/xsa/xsa334.patch (limited to 'system/xen/xsa/xsa334.patch') diff --git a/system/xen/xsa/xsa334.patch b/system/xen/xsa/xsa334.patch new file mode 100644 index 000000000000..4260cdb2b2db --- /dev/null +++ b/system/xen/xsa/xsa334.patch @@ -0,0 +1,51 @@ +From: Andrew Cooper +Subject: xen/memory: Don't skip the RCU unlock path in acquire_resource() + +In the case that an HVM Stubdomain makes an XENMEM_acquire_resource hypercall, +the FIXME path will bypass rcu_unlock_domain() on the way out of the function. + +Move the check to the start of the function. This does change the behaviour +of the get-size path for HVM Stubdomains, but that functionality is currently +broken and unused anyway, as well as being quite useless to entities which +can't actually map the resource anyway. + +This is XSA-334. + +Fixes: 83fa6552ce ("common: add a new mappable resource type: XENMEM_resource_grant_table") +Signed-off-by: Andrew Cooper +Reviewed-by: Jan Beulich + +diff --git a/xen/common/memory.c b/xen/common/memory.c +index 1a3c9ffb30..29741d8904 100644 +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -1058,6 +1058,14 @@ static int acquire_resource( + xen_pfn_t mfn_list[32]; + int rc; + ++ /* ++ * FIXME: Until foreign pages inserted into the P2M are properly ++ * reference counted, it is unsafe to allow mapping of ++ * resource pages unless the caller is the hardware domain. ++ */ ++ if ( paging_mode_translate(currd) && !is_hardware_domain(currd) ) ++ return -EACCES; ++ + if ( copy_from_guest(&xmar, arg, 1) ) + return -EFAULT; + +@@ -1114,14 +1122,6 @@ static int acquire_resource( + xen_pfn_t gfn_list[ARRAY_SIZE(mfn_list)]; + unsigned int i; + +- /* +- * FIXME: Until foreign pages inserted into the P2M are properly +- * reference counted, it is unsafe to allow mapping of +- * resource pages unless the caller is the hardware domain. +- */ +- if ( !is_hardware_domain(currd) ) +- return -EACCES; +- + if ( copy_from_guest(gfn_list, xmar.frame_list, xmar.nr_frames) ) + rc = -EFAULT; + -- cgit v1.2.3