CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)

Part deux: Fix it harder
Josh Boyer 2015-04-01 08:38:46 -04:00
parent 0faec04810
commit 995f293459
2 changed files with 60 additions and 0 deletions


@ -658,6 +658,9 @@ Patch30000: kernel-arm64.patch
#rhbz 1204512
Patch26174: tun-return-proper-error-code-from-tun_do_read.patch
#CVE-2015-2150 rhbz 1196266 1200397
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
# END OF PATCH DEFINITIONS
%endif
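Review bot: The comment above Patch26175 gives the CVE and the two bug numbers but not where the patch comes from or whether it is upstream yet. The patch file added in this commit shows no upstream commit id for itself, so a short note here (for example the mailing-list posting or the target tree) would tell whoever does the next rebase when the patch can be dropped.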
@ -1424,6 +1427,9 @@ ApplyPatch kernel-arm64.patch -R
#rhbz 1204512
ApplyPatch tun-return-proper-error-code-from-tun_do_read.patch
#CVE-2015-2150 rhbz 1196266 1200397
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
# END OF PATCH APPLICATIONS
%endif
@ -2283,6 +2289,9 @@ fi
# ||----w |
# || ||
%changelog
* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
* Thu Mar 26 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 3.19.3-200
- Linux v3.19.3
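Review bot: The new %changelog entry under the Apr 01 header repeats only the CVE title, although the commit subject marks this as a second round of the fix. Naming what was added, such as the xen-pciback PCI_COMMAND reset patch, would let someone reading the RPM changelog tell this entry from the first round. The Apr 01 header also has no version-release suffix, unlike the Mar 26 entry's "- 3.19.3-200"; add it if that is not filled in at build time.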


@ -0,0 +1,51 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Fri, 27 Mar 2015 13:31:11 -0400
Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
There is no need for this at all. Worst it means that if
the guest tries to write to BARs it could lead (on certain
platforms) to PCI SERR errors.
Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
"xen-pciback: limit guest control of command register"
a guest is still allowed to enable those control bits (safely), but
is not allowed to disable them and that therefore a well behaved
frontend which enables things before using them will still
function correctly.
This is done via an write to the configuration register 0x4 which
triggers on the backend side:
command_write
\- pci_enable_device
\- pci_enable_device_flags
\- do_pci_enable_device
\- pcibios_enable_device
\-pci_enable_resourcess
[which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
However guests (and drivers) which don't do this could cause
problems, including the security issues which XSA-120 sought
to address.
Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index c4a0666de6f5..26e651336787 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
if (pci_is_enabled(dev))
pci_disable_device(dev);
- pci_write_config_word(dev, PCI_COMMAND, 0);
-
dev->is_busmaster = 0;
} else {
pci_read_config_word(dev, PCI_COMMAND, &cmd);
--
2.1.0
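Review bot: In the reset branch of xen_pcibk_reset_device(), `dev->is_busmaster = 0` is still set unconditionally, but after dropping the PCI_COMMAND write the only call left in this hunk that touches the device is `pci_disable_device(dev)`, and that runs only when `pci_is_enabled(dev)` is true. When the device is not enabled, the cached flag is cleared with no corresponding register write, so it is worth stating in the commit message or in a code comment why the two cannot disagree there. The call chain in the message also spells the last function "pci_enable_resourcess"; it should read pci_enable_resources.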