Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
xen.28170
xsa428-1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa428-1.patch of Package xen.28170
From: Jan Beulich <jbeulich@suse.com> Subject: x86/HVM: bound number of pinned cache attribute regions This is exposed via DMOP, i.e. to potentially not fully privileged device models. With that we may not permit registration of an (almost) unbounded amount of such regions. This is CVE-2022-42333 / part of XSA-428. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -595,6 +595,7 @@ int hvm_set_mem_pinned_cacheattr(struct uint64_t gfn_end, uint32_t type) { struct hvm_mem_pinned_cacheattr_range *range; + unsigned int nr = 0; int rc = 1; if ( !is_hvm_domain(d) ) @@ -666,11 +667,15 @@ int hvm_set_mem_pinned_cacheattr(struct rc = -EBUSY; break; } + ++nr; } rcu_read_unlock(&pinned_cacheattr_rcu_lock); if ( rc <= 0 ) return rc; + if ( nr >= 64 /* The limit is arbitrary. */ ) + return -ENOSPC; + range = xzalloc(struct hvm_mem_pinned_cacheattr_range); if ( range == NULL ) return -ENOMEM;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor