Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
xen.18780
5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch of Package xen.18780
# Commit dc8b01affd7f6f36d34c3854f51df0847df3ec0e # Date 2020-12-15 13:42:51 +0100 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> evtchn/FIFO: add 2nd smp_rmb() to evtchn_fifo_word_from_port() Besides with add_page_to_event_array() the function also needs to synchronize with evtchn_fifo_init_control() setting both d->evtchn_fifo and (subsequently) d->evtchn_port_ops. This is XSA-359 / CVE-2020-29571. Reported-by: Julien Grall <jgrall@amazon.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Julien Grall <jgrall@amazon.com> --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -34,6 +34,13 @@ static inline event_word_t *evtchn_fifo_ { unsigned int p, w; + /* + * Callers aren't required to hold d->event_lock, so we need to synchronize + * with evtchn_fifo_init_control() setting d->evtchn_port_ops /after/ + * d->evtchn_fifo. + */ + smp_rmb(); + if ( unlikely(port >= d->evtchn_fifo->num_evtchns) ) return NULL; @@ -587,6 +594,10 @@ int evtchn_fifo_init_control(struct evtc if ( rc < 0 ) goto error; + /* + * This call, as a side effect, synchronizes with + * evtchn_fifo_word_from_port(). + */ rc = map_control_block(v, gfn, offset); if ( rc < 0 ) goto error;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor