ACK: [SRU][O][PATCH 0/1] CVE-2024-56669
Agathe Porte
agathe.porte at canonical.com
Thu Feb 6 12:41:56 UTC 2025
2025-02-05 18:12 CET, Massimiliano Pellizzer:
> [Impact]
>
> iommu/vt-d: Remove cache tags before disabling ATS
>
> The current implementation removes cache tags after disabling ATS,
> leading to potential memory leaks and kernel crashes. Specifically,
> CACHE_TAG_DEVTLB type cache tags may still remain in the list even
> after the domain is freed, causing a use-after-free condition.
>
> This issue really shows up when multiple VFs from different PFs are
> passed through to a single user-space process via vfio-pci. In such
> cases, the kernel may crash.
>
> Move cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix
> it.
>
> [Fix]
>
> Oracular: Cherry picked from mainline
> Noble: Not affected
> Jammy: Not affected
> Focal: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the Intel IOMMU subsystem. An issue with this fix may
> lead to system instability during operations involving DMA mapping or
> unmapping.
>
> Lu Baolu (1):
> iommu/vt-d: Remove cache tags before disabling ATS
>
> drivers/iommu/intel/iommu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Acked-by: Agathe Porte <agathe.porte at canonical.com>