CVE-2024-56668

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56668
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56668.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56668
Published
2024-12-27T15:06:29Z
Modified
2025-10-15T02:00:18.853214Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain

The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NULL dereference occurred. Also, there is potential memleak since there is no lock around domain->qi_batch allocation.

To solve it, add a helper for qi_batch allocation, and call it in both the __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().

  BUG: kernel NULL pointer dereference, address: 0000000000000200
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 8104795067 P4D 0
  Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632
  Call Trace:
   ? __die+0x24/0x70
   ? page_fault_oops+0x80/0x150
   ? do_user_addr_fault+0x63/0x7b0
   ? exc_page_fault+0x7c/0x220
   ? asm_exc_page_fault+0x26/0x30
   ? cache_tag_flush_range_np+0x13c/0x260
   intel_iommu_iotlb_sync_map+0x1a/0x30
   iommu_map+0x61/0xf0
   batch_to_domain+0x188/0x250
   iopt_area_fill_domains+0x125/0x320
   ? rcu_is_watching+0x11/0x50
   iopt_map_pages+0x63/0x100
   iopt_map_common.isra.0+0xa7/0x190
   iopt_map_user_pages+0x6a/0x80
   iommufd_ioas_map+0xcd/0x1d0
   iommufd_fops_ioctl+0x118/0x1c0
   __x64_sys_ioctl+0x93/0xc0
   do_syscall_64+0x71/0x140
   entry_SYSCALL_64_after_hwframe+0x76/0x7e

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
705c1cdf1e73c4c727bbfc8775434e6dd36e8baf
Fixed
ffd774c34774fd4cc0e9cf2976595623a6c3a077
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
705c1cdf1e73c4c727bbfc8775434e6dd36e8baf
Fixed
74536f91962d5f6af0a42414773ce61e653c10ee

Affected versions

v6.*

v6.11
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.13-rc1
v6.13-rc2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.6