CVE-2024-45818

The hypervisor contains code to accelerate VGA memory accesses for HVM<br /> guests, when the (virtual) VGA is in "standard" mode. Locking involved<br /> there has an unusual discipline, leaving a lock acquired past the<br /> return from the function that acquired it. This behavior results in a<br /> problem when emulating an instruction with two memory accesses, both of<br /> which touch VGA memory (plus some further constraints which aren&amp;#39;t<br /> relevant here). When emulating the 2nd access, the lock that is already<br /> being held would be attempted to be re-acquired, resulting in a<br /> deadlock.<br /> <br /> This deadlock was already found when the code was first introduced, but<br /> was analysed incorrectly and the fix was incomplete. Analysis in light<br /> of the new finding cannot find a way to make the existing locking<br /> discipline work.<br /> <br /> In staging, this logic has all been removed because it was discovered<br /> to be accidentally disabled since Xen 4.7. Therefore, we are fixing the<br /> locking problem by backporting the removal of most of the feature. Note<br /> that even with the feature disabled, the lock would still be acquired<br /> for any accesses to the VGA MMIO region.