CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
Part deux: Fix it harder
This commit is contained in:
parent
0faec04810
commit
995f293459
|
@ -658,6 +658,9 @@ Patch30000: kernel-arm64.patch
|
|||
#rhbz 1204512
|
||||
Patch26174: tun-return-proper-error-code-from-tun_do_read.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1424,6 +1427,9 @@ ApplyPatch kernel-arm64.patch -R
|
|||
#rhbz 1204512
|
||||
ApplyPatch tun-return-proper-error-code-from-tun_do_read.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2283,6 +2289,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
|
||||
|
||||
* Thu Mar 26 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 3.19.3-200
|
||||
- Linux v3.19.3
|
||||
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Fri, 27 Mar 2015 13:31:11 -0400
|
||||
Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
|
||||
|
||||
There is no need for this at all. Worst it means that if
|
||||
the guest tries to write to BARs it could lead (on certain
|
||||
platforms) to PCI SERR errors.
|
||||
|
||||
Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
|
||||
"xen-pciback: limit guest control of command register"
|
||||
a guest is still allowed to enable those control bits (safely), but
|
||||
is not allowed to disable them and that therefore a well behaved
|
||||
frontend which enables things before using them will still
|
||||
function correctly.
|
||||
|
||||
This is done via an write to the configuration register 0x4 which
|
||||
triggers on the backend side:
|
||||
command_write
|
||||
\- pci_enable_device
|
||||
\- pci_enable_device_flags
|
||||
\- do_pci_enable_device
|
||||
\- pcibios_enable_device
|
||||
\-pci_enable_resourcess
|
||||
[which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
|
||||
|
||||
However guests (and drivers) which don't do this could cause
|
||||
problems, including the security issues which XSA-120 sought
|
||||
to address.
|
||||
|
||||
Reported-by: Jan Beulich <jbeulich@suse.com>
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
---
|
||||
drivers/xen/xen-pciback/pciback_ops.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
index c4a0666de6f5..26e651336787 100644
|
||||
--- a/drivers/xen/xen-pciback/pciback_ops.c
|
||||
+++ b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
|
||||
if (pci_is_enabled(dev))
|
||||
pci_disable_device(dev);
|
||||
|
||||
- pci_write_config_word(dev, PCI_COMMAND, 0);
|
||||
-
|
||||
dev->is_busmaster = 0;
|
||||
} else {
|
||||
pci_read_config_word(dev, PCI_COMMAND, &cmd);
|
||||
--
|
||||
2.1.0
|
||||
|
Loading…
Reference in New Issue