[kernel] r19988 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

Sun Apr 28 20:36:59 UTC 2013

Author: benh
Date: Sun Apr 28 20:36:59 2013
New Revision: 19988

Log:
intel-iommu: Flush unmaps at domain_exit

While testing the fix for CVE-2012-2121, device assignment kept
failing and this triggered a separate bug that crashed the system.
So fix that as well.

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/intel-iommu-Flush-unmaps-at-domain_exit.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================

--- dists/squeeze-security/linux-2.6/debian/changelog	Sun Apr 28 20:27:15 2013	(r19987)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Sun Apr 28 20:36:59 2013	(r19988)
@@ -33,6 +33,7 @@
   * xfrm_user: return error pointer instead of NULL (CVE-2013-1826)
   * USB: cdc-wdm: fix buffer overflow (CVE-2013-1860)
   * dcbnl: Fix netlink info leak (CVE-2013-2634)
+  * intel-iommu: Flush unmaps at domain_exit
 
  -- dann frazier <dannf at dannf.org>  Mon, 11 Mar 2013 08:47:43 +0100
 

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/intel-iommu-Flush-unmaps-at-domain_exit.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/intel-iommu-Flush-unmaps-at-domain_exit.patch	Sun Apr 28 20:36:59 2013	(r19988)
@@ -0,0 +1,33 @@
+From: Alex Williamson <alex.williamson at redhat.com>
+Date: Tue, 24 May 2011 12:02:41 +0100
+Subject: intel-iommu: Flush unmaps at domain_exit
+
+commit 7b668357810ecb5fdda4418689d50f5d95aea6a8 upstream.
+
+We typically batch unmaps to be lazily flushed out at
+regular intervals.  When we destroy a domain, we need
+to force a flush of these lazy unmaps to be sure none
+reference the domain we're about to free.
+
+Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=35062
+Signed-off-by: Alex Williamson <alex.williamson at redhat.com>
+Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+---
+ drivers/pci/intel-iommu.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
+index 5b680df..c1a7b01 100644
+--- a/drivers/pci/intel-iommu.c
++++ b/drivers/pci/intel-iommu.c
+@@ -1434,6 +1434,10 @@ static void domain_exit(struct dmar_domain *domain)
+ 	if (!domain)
+ 		return;
+ 
++	/* Flush any lazy unmaps that may reference this domain */
++	if (!intel_iommu_strict)
++		flush_unmaps_timeout(0);
++
+ 	domain_remove_dev_info(domain);
+ 	/* destroy iovas */
+ 	put_iova_domain(&domain->iovad);

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2	Sun Apr 28 20:27:15 2013	(r19987)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze2	Sun Apr 28 20:36:59 2013	(r19988)
@@ -33,3 +33,4 @@
 + bugfix/all/xfrm_user-return-error-pointer-instead-of-NULL-2.patch 
 + bugfix/all/USB-cdc-wdm-fix-buffer-overflow.patch
 + bugfix/all/dcbnl-fix-various-netlink-info-leaks.patch
++ bugfix/all/intel-iommu-Flush-unmaps-at-domain_exit.patch

