[SRU][O][PATCH 0/1] CVE-2024-56669
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Feb 5 17:11:14 UTC 2025
[Impact]

iommu/vt-d: Remove cache tags before disabling ATS

The current implementation removes cache tags after disabling ATS,
leading to potential memory leaks and kernel crashes. Specifically,
CACHE_TAG_DEVTLB type cache tags may still remain in the list even
after the domain is freed, causing a use-after-free condition.

This issue really shows up when multiple VFs from different PFs are
passed through to a single user-space process via vfio-pci. In such
cases, the kernel may crash.

Move cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix
it.

[Fix]

Oracular: Cherry picked from mainline
Noble: Not affected
Jammy: Not affected
Focal: Not affected

[Test Case]

Compile tested only.

[Where problems could occur]

The fix affects the Intel IOMMU subsystem. An issue with this fix may
lead to system instability during operations involving DMA mapping or
unmapping.

Lu Baolu (1):
  iommu/vt-d: Remove cache tags before disabling ATS

 drivers/iommu/intel/iommu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--
2.43.0
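
Added example, not part of the original cover letter or of the kernel patch: a small user-space C model of the ordering problem described under [Impact]. Every name in it is hypothetical, and it assumes for illustration that the DEVTLB tag is only removed while the device's ATS flag is still set.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not a kernel symbol. */
enum tag_type { TAG_IOTLB, TAG_DEVTLB };
struct tag { bool used; enum tag_type type; int dev_id; };
struct domain { struct tag tags[8]; };   /* per-domain cache tag list */
struct device { int id; bool ats_enabled; };

static void tag_add(struct domain *d, int dev_id, enum tag_type type) {
    int i = 0;
    while (i < 8 && d->tags[i].used)
        i++;
    if (i < 8)
        d->tags[i] = (struct tag){ true, type, dev_id };
}

static void tag_del(struct domain *d, int dev_id, enum tag_type type) {
    for (struct tag *t = d->tags; t < d->tags + 8; t++)
        if (t->used && t->dev_id == dev_id && t->type == type)
            t->used = false;
}

/* Assumption: the DEVTLB tag is only removed while ATS is still enabled. */
static void model_unassign(struct domain *d, const struct device *dev) {
    tag_del(d, dev->id, TAG_IOTLB);
    if (dev->ats_enabled)
        tag_del(d, dev->id, TAG_DEVTLB);
}

/* Tags still referencing the device after detach (0 = clean teardown). */
int leftover_tags(bool unassign_first) {
    struct domain d = { .tags = { { .used = false } } };
    struct device dev = { .id = 1, .ats_enabled = true };
    int n = 0;
    tag_add(&d, dev.id, TAG_IOTLB);
    tag_add(&d, dev.id, TAG_DEVTLB);
    if (unassign_first) model_unassign(&d, &dev);
    dev.ats_enabled = false;             /* models disabling ATS */
    if (!unassign_first) model_unassign(&d, &dev);
    for (int i = 0; i < 8; i++)
        n += d.tags[i].used;
    return n;
}

int main(void) {
    printf("stale tags: %d (ATS disabled first), %d (tags removed first)\n",
           leftover_tags(false), leftover_tags(true));
    return 0;
}
```

In the model, the tag left behind when ATS is disabled first is the kind of stale list entry that would still point at a device after its domain is freed.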