APPLIED: [SRU][O][PATCH 0/1] CVE-2024-56669
Koichiro Den
koichiro.den at canonical.com
Fri Feb 7 04:09:07 UTC 2025
On Wed, Feb 05, 2025 at 06:11:14PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> iommu/vt-d: Remove cache tags before disabling ATS
>
> The current implementation removes cache tags after disabling ATS,
> leading to potential memory leaks and kernel crashes. Specifically,
> CACHE_TAG_DEVTLB type cache tags may still remain in the list even
> after the domain is freed, causing a use-after-free condition.
>
> This issue really shows up when multiple VFs from different PFs are
> passed through to a single user-space process via vfio-pci. In such
> cases, the kernel may crash.
>
> Move cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix
> it.
>
> [Fix]
>
> Oracular: Cherry picked from mainline
> Noble: Not affected
> Jammy: Not affected
> Focal: Not affected
>
> [Test Case]
>
> Compile tested only.
>
> [Where problems could occur]
>
> The fix affects the Intel IOMMU subsystem. An issue with this fix may
> lead to system instability during operations involving DMA mapping or
> unmapping.
>
> Lu Baolu (1):
> iommu/vt-d: Remove cache tags before disabling ATS
>
> drivers/iommu/intel/iommu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
Applied to oracular:linux master-next branch. Thanks!