From f8429d4bacf5fa0398156e71c90ac17448296123 Mon Sep 17 00:00:00 2001 From: Christopher Brannon Date: Thu, 21 Jan 2021 07:25:45 -0800 Subject: [PATCH] xen: patch for XSA 360. --- srcpkgs/xen/patches/xsa360-4.14.patch | 97 +++++++++++++++++++++++++++ srcpkgs/xen/template | 4 +- 2 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/xen/patches/xsa360-4.14.patch diff --git a/srcpkgs/xen/patches/xsa360-4.14.patch b/srcpkgs/xen/patches/xsa360-4.14.patch new file mode 100644 index 00000000000..1bc185b110d --- /dev/null +++ b/srcpkgs/xen/patches/xsa360-4.14.patch @@ -0,0 +1,97 @@ +From: Roger Pau Monne +Subject: x86/dpci: do not remove pirqs from domain tree on unbind + +A fix for a previous issue removed the pirqs from the domain tree when +they are unbound in order to prevent shared pirqs from triggering a +BUG_ON in __pirq_guest_unbind if they are unbound multiple times. That +caused free_domain_pirqs to no longer unmap the pirqs because they +are gone from the domain pirq tree, thus leaving stale unbound pirqs +after domain destruction if the domain had mapped dpci pirqs after +shutdown. + +Take a different approach to fix the original issue, instead of +removing the pirq from d->pirq_tree clear the flags of the dpci pirq +struct to signal that the pirq is now unbound. This prevents calling +pirq_guest_unbind multiple times for the same pirq without having to +remove it from the domain pirq tree. + +This is XSA-360. + +Fixes: 5b58dad089 ('x86/pass-through: avoid double IRQ unbind during domain cleanup') +Signed-off-by: Roger Pau Monné +Reviewed-by: Jan Beulich + +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -1331,7 +1331,7 @@ void (pirq_cleanup_check)(struct pirq *p + } + + if ( radix_tree_delete(&d->pirq_tree, pirq->pirq) != pirq ) +- BUG_ON(!d->is_dying); ++ BUG(); + } + + /* Flush all ready EOIs from the top of this CPU's pending-EOI stack. */ +--- a/xen/drivers/passthrough/pci.c ++++ b/xen/drivers/passthrough/pci.c +@@ -862,6 +862,10 @@ static int pci_clean_dpci_irq(struct dom + { + struct dev_intx_gsi_link *digl, *tmp; + ++ if ( !pirq_dpci->flags ) ++ /* Already processed. */ ++ return 0; ++ + pirq_guest_unbind(d, dpci_pirq(pirq_dpci)); + + if ( pt_irq_need_timer(pirq_dpci->flags) ) +@@ -872,15 +876,10 @@ static int pci_clean_dpci_irq(struct dom + list_del(&digl->list); + xfree(digl); + } ++ /* Note the pirq is now unbound. */ ++ pirq_dpci->flags = 0; + +- radix_tree_delete(&d->pirq_tree, dpci_pirq(pirq_dpci)->pirq); +- +- if ( !pt_pirq_softirq_active(pirq_dpci) ) +- return 0; +- +- domain_get_irq_dpci(d)->pending_pirq_dpci = pirq_dpci; +- +- return -ERESTART; ++ return pt_pirq_softirq_active(pirq_dpci) ? -ERESTART : 0; + } + + static int pci_clean_dpci_irqs(struct domain *d) +@@ -897,18 +896,8 @@ static int pci_clean_dpci_irqs(struct do + hvm_irq_dpci = domain_get_irq_dpci(d); + if ( hvm_irq_dpci != NULL ) + { +- int ret = 0; +- +- if ( hvm_irq_dpci->pending_pirq_dpci ) +- { +- if ( pt_pirq_softirq_active(hvm_irq_dpci->pending_pirq_dpci) ) +- ret = -ERESTART; +- else +- hvm_irq_dpci->pending_pirq_dpci = NULL; +- } ++ int ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL); + +- if ( !ret ) +- ret = pt_pirq_iterate(d, pci_clean_dpci_irq, NULL); + if ( ret ) + { + spin_unlock(&d->event_lock); +--- a/xen/include/asm-x86/hvm/irq.h ++++ b/xen/include/asm-x86/hvm/irq.h +@@ -160,8 +160,6 @@ struct hvm_irq_dpci { + DECLARE_BITMAP(isairq_map, NR_ISAIRQS); + /* Record of mapped Links */ + uint8_t link_cnt[NR_LINK]; +- /* Clean up: Entry with a softirq invocation pending / in progress. */ +- struct hvm_pirq_dpci *pending_pirq_dpci; + }; + + /* Machine IRQ to guest device/intx mapping. */ diff --git a/srcpkgs/xen/template b/srcpkgs/xen/template index 8b6649410d0..bc00c7cc8e0 100644 --- a/srcpkgs/xen/template +++ b/srcpkgs/xen/template @@ -1,7 +1,7 @@ # Template file for 'xen' pkgname=xen version=4.14.1 -revision=1 +revision=2 # grep -R IPXE_GIT_TAG src/xen-*/tools/firmware/etherboot _git_tag_ipxe=4bd064de239dab2426b31c9789a1f4d78087dc63 # TODO: arm / aarch64 @@ -17,7 +17,7 @@ makedepends="SDL-devel dev86 dtc-devel e2fsprogs-devel gnutls-devel libaio-devel netpbm pciutils-devel pixman-devel python3-devel seabios yajl-devel" depends="bridge-utils perl xen-hypervisor" short_desc="Xen hypervisor utilities" -maintainer="Orphaned " +maintainer="Chris Brannon " license="GPL-2.0-or-later" homepage="https://www.xenproject.org/" distfiles="