diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-04-18 16:11:23 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-04-18 16:11:23 +0200 |
commit | 545607eb3cfeb2abf5742d1bb869734f317fcfe5 (patch) | |
tree | 6039c103db155c2f36625ffd75d7262d5dfdc5c4 /xen/common/event_channel.c | |
parent | fdac9515607b757c044e7ef0d61b1453ef999b08 (diff) | |
download | xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.tar.gz xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.tar.bz2 xen-545607eb3cfeb2abf5742d1bb869734f317fcfe5.zip |
x86: fix various issues with handling guest IRQs
- properly revoke IRQ access in map_domain_pirq() error path
- don't permit replacing an in use IRQ
- don't accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
- track IRQ access permission in host IRQ terms, not guest IRQ ones
(and with that, also disallow Dom0 access to IRQ0)
This is CVE-2013-1919 / XSA-46.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Diffstat (limited to 'xen/common/event_channel.c')
-rw-r--r-- | xen/common/event_channel.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 0a6684c6d5..64c976b20a 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -369,7 +369,7 @@ static long evtchn_bind_pirq(evtchn_bind_pirq_t *bind) if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) return -EINVAL; - if ( !is_hvm_domain(d) && !irq_access_permitted(d, pirq) ) + if ( !is_hvm_domain(d) && !pirq_access_permitted(d, pirq) ) return -EPERM; spin_lock(&d->event_lock); |