CVE-2024-56668

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain<br /> <br /> The qi_batch is allocated when assigning cache tag for a domain. While<br /> for nested parent domain, it is missed. Hence, when trying to map pages<br /> to the nested parent, NULL dereference occurred. Also, there is potential<br /> memleak since there is no lock around domain-&gt;qi_batch allocation.<br /> <br /> To solve it, add a helper for qi_batch allocation, and call it in both<br /> the __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000200<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 8104795067 P4D 0<br /> Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632<br /> Call Trace:<br /> ? __die+0x24/0x70<br /> ? page_fault_oops+0x80/0x150<br /> ? do_user_addr_fault+0x63/0x7b0<br /> ? exc_page_fault+0x7c/0x220<br /> ? asm_exc_page_fault+0x26/0x30<br /> ? cache_tag_flush_range_np+0x13c/0x260<br /> intel_iommu_iotlb_sync_map+0x1a/0x30<br /> iommu_map+0x61/0xf0<br /> batch_to_domain+0x188/0x250<br /> iopt_area_fill_domains+0x125/0x320<br /> ? rcu_is_watching+0x11/0x50<br /> iopt_map_pages+0x63/0x100<br /> iopt_map_common.isra.0+0xa7/0x190<br /> iopt_map_user_pages+0x6a/0x80<br /> iommufd_ioas_map+0xcd/0x1d0<br /> iommufd_fops_ioctl+0x118/0x1c0<br /> __x64_sys_ioctl+0x93/0xc0<br /> do_syscall_64+0x71/0x140<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e