diff options
| author | Jinjie Ruan <ruanjinjie@huawei.com> | 2024-04-09 11:05:36 +0000 |
|---|---|---|
| committer | openeuler-sync-bot <openeuler.syncbot@gmail.com> | 2024-04-10 14:19:24 +0800 |
| commit | a2db63f28fe506d7386aa48ed82f3a05d0b3e8cd (patch) | |
| tree | 1ad8db45e25981c7716990be7d42d6cc2aa35aca | |
| parent | ea090464cd5ebfd03a2acea8fe0ed3ba8398d1a4 (diff) | |
| download | openEuler-kernel-a2db63f28fe506d7386aa48ed82f3a05d0b3e8cd.tar.gz | |
KVM: arm64: vgic-its: Fix CVE-2024-26598 fix patch issue
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9F351
CVE: CVE-2024-26598
--------------------------------------
The commit d1e388dbca87 ("KVM: arm64: vgic-its: Avoid potential UAF in LPI
translation cache") fix CVE-2024-26598 erroneously, correct it.
Fixes: d1e388dbca87 ("KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
(cherry picked from commit 66069c0eb0f8f4d566a31d2b54933542de0ce015)
| -rw-r--r-- | arch/arm64/kvm/vgic/vgic-its.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 9c7bd5a8aa3527..1868cc0f0feec2 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -782,7 +782,6 @@ static int vgic_its_trigger_msi(struct kvm *kvm, struct vgic_its *its, raw_spin_lock_irqsave(&irq->irq_lock, flags); irq->pending_latch = true; vgic_queue_irq_unlock(kvm, irq, flags); - vgic_put_irq(kvm, irq); return 0; } @@ -801,6 +800,7 @@ int vgic_its_inject_cached_translation(struct kvm *kvm, struct kvm_msi *msi) raw_spin_lock_irqsave(&irq->irq_lock, flags); irq->pending_latch = true; vgic_queue_irq_unlock(kvm, irq, flags); + vgic_put_irq(kvm, irq); return 0; } |