Diffstat (limited to 'kernels/xen/xsa78.patch')
-rw-r--r--kernels/xen/xsa78.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/kernels/xen/xsa78.patch b/kernels/xen/xsa78.patch
new file mode 100644
index 000000000..180506cdd
--- /dev/null
+++ b/kernels/xen/xsa78.patch
@@ -0,0 +1,23 @@
+VT-d: fix TLB flushing in dma_pte_clear_one()
+
+The third parameter of __intel_iommu_iotlb_flush() is to indicate
+whether the to be flushed entry was a present one. A few lines before,
+we bailed if !dma_pte_present(*pte), so there's no need to check the
+flag here again - we can simply always pass TRUE here.
+
+This is CVE-2013-6375 / XSA-78.
+
+Suggested-by: Cheng Yueqiang <yqcheng.2008@phdis.smu.edu.sg>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -646,7 +646,7 @@ static void dma_pte_clear_one(struct dom
+ iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
+
+ if ( !this_cpu(iommu_dont_flush_iotlb) )
+- __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K , 0, 1);
++ __intel_iommu_iotlb_flush(domain, addr >> PAGE_SHIFT_4K, 1, 1);
+
+ unmap_vtd_domain_page(page);
+
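Review bot: The added xsa78.patch carries no record of its origin or of how it was verified, and this view is limited to the one file, so the step that applies it during the build is not visible. Because this is the fix for CVE-2013-6375 / XSA-78, confirm that the file is byte-identical to the patch attached to the signed upstream advisory by comparing its SHA-256 with the value listed there. Also confirm that the build script applies it and aborts if it does not apply cleanly, since a silently skipped patch would leave the stale-IOTLB condition in the shipped hypervisor. In the inner hunk, the hard-coded third argument `1` is correct only because of the earlier `!dma_pte_present(*pte)` bail-out described in the message. That check lies outside the hunk, so it cannot be verified from here.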