CVE-2020-15852: x86/ioperm: Fix io bitmap invalidation on Xen PV · torvalds/linux@cadfad8
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
x86/ioperm: Fix io bitmap invalidation on Xen PV
tss_invalidate_io_bitmap() wasn’t wired up properly through the pvop machinery, so the TSS and Xen’s io bitmap would get out of sync whenever disabling a valid io bitmap.
Add a new pvop for tss_invalidate_io_bitmap() to fix it.
This is XSA-329.
Fixes: 22fe5b0 (“x86/ioperm: Move TSS bitmap update to exit to user work”)
Signed-off-by: Andy Lutomirski [email protected]
Signed-off-by: Thomas Gleixner [email protected]
Reviewed-by: Juergen Gross [email protected]
Reviewed-by: Thomas Gleixner [email protected]
Cc: [email protected]
Link: https://lkml.kernel.org/r/d53075590e1f91c19f8af705059d3ff99424c020.1595030016.git.luto@kernel.org
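The loss of synchronization described above can be seen in a simplified user-space model. This is an added example, not code from the kernel or from the commit. All names in it (`cpu_state`, `io_ops`, `pv_before`, `pv_after`, the 16-port bitmap) are hypothetical stand-ins for the TSS, the pvop table and Xen's copy of the I/O bitmap.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NPORTS 16   /* toy size for the model; assumption, not the real bitmap size */

/* Guest view (TSS) and hypervisor view of the same CPU's I/O permissions. */
struct cpu_state {
    bool tss_valid;            /* guest: TSS points at a valid I/O bitmap */
    bool hv_allowed[NPORTS];   /* hypervisor: ports this vCPU may access */
};

/* Hypothetical hook table standing in for the paravirt-op machinery. */
struct io_ops {
    void (*update)(struct cpu_state *, const bool *allowed);
    void (*invalidate)(struct cpu_state *);
};

/* Bare-metal style invalidation: only the TSS is marked invalid. */
static void native_invalidate(struct cpu_state *c) { c->tss_valid = false; }

/* PV update: mark the TSS valid and push the bitmap to the hypervisor. */
static void pv_update(struct cpu_state *c, const bool *a) {
    c->tss_valid = true;
    memcpy(c->hv_allowed, a, sizeof c->hv_allowed);
}
/* PV invalidation: mark the TSS invalid and clear the hypervisor's copy. */
static void pv_invalidate(struct cpu_state *c) {
    c->tss_valid = false;
    memset(c->hv_allowed, 0, sizeof c->hv_allowed);
}

/* Before the fix: invalidation is not a hook, so the native path runs on PV. */
static const struct io_ops pv_before = { pv_update, native_invalidate };
/* After the fix: invalidation is a hook, so the PV variant runs. */
static const struct io_ops pv_after  = { pv_update, pv_invalidate };

/* Task A (granted port 3) runs, then the CPU switches to task B (no grants).
 * Returns true if the hypervisor copy still allows port 3 while B runs. */
static bool stale_grant_after_switch(const struct io_ops *ops) {
    struct cpu_state cpu = {0};
    bool task_a[NPORTS] = {0};
    task_a[3] = true;
    ops->update(&cpu, task_a);   /* A enters user mode with its bitmap */
    ops->invalidate(&cpu);       /* switch to B: the bitmap must be disabled */
    return cpu.hv_allowed[3];
}

int main(void) {
    printf("before fix: stale grant = %d\n", stale_grant_after_switch(&pv_before));
    printf("after fix:  stale grant = %d\n", stale_grant_after_switch(&pv_after));
    return 0;
}
```

In the "before" table the guest's TSS state says the bitmap is disabled while the hypervisor copy still carries task A's grant, which is the condition the CVE text describes as an unrelated task being granted I/O port permissions.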