CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
Part deux: Fix it harder
This commit is contained in:
Josh Boyer
parent
5fd2f45801
commit
9adfc18494
@ -631,6 +631,9 @@ Patch26171: acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
|
||||
#rhbz 1203584
|
||||
Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
@ -1373,6 +1376,9 @@ ApplyPatch acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
|
||||
#rhbz 1203584
|
||||
ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
|
||||
|
||||
#CVE-2015-2150 rhbz 1196266 1200397
|
||||
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -2223,6 +2229,9 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
|
||||
|
||||
* Tue Mar 31 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Enable MLX4_EN_VXLAN (rhbz 1207728)
|
||||
|
||||
|
||||
51
xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
Normal file
51
xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Fri, 27 Mar 2015 13:31:11 -0400
|
||||
Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
|
||||
|
||||
There is no need for this at all. Worst it means that if
|
||||
the guest tries to write to BARs it could lead (on certain
|
||||
platforms) to PCI SERR errors.
|
||||
|
||||
Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
|
||||
"xen-pciback: limit guest control of command register"
|
||||
a guest is still allowed to enable those control bits (safely), but
|
||||
is not allowed to disable them and that therefore a well behaved
|
||||
frontend which enables things before using them will still
|
||||
function correctly.
|
||||
|
||||
This is done via an write to the configuration register 0x4 which
|
||||
triggers on the backend side:
|
||||
command_write
|
||||
\- pci_enable_device
|
||||
\- pci_enable_device_flags
|
||||
\- do_pci_enable_device
|
||||
\- pcibios_enable_device
|
||||
\-pci_enable_resourcess
|
||||
[which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
|
||||
|
||||
However guests (and drivers) which don't do this could cause
|
||||
problems, including the security issues which XSA-120 sought
|
||||
to address.
|
||||
|
||||
Reported-by: Jan Beulich <jbeulich@suse.com>
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
---
|
||||
drivers/xen/xen-pciback/pciback_ops.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
index c4a0666de6f5..26e651336787 100644
|
||||
--- a/drivers/xen/xen-pciback/pciback_ops.c
|
||||
+++ b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
|
||||
if (pci_is_enabled(dev))
|
||||
pci_disable_device(dev);
|
||||
|
||||
- pci_write_config_word(dev, PCI_COMMAND, 0);
|
||||
-
|
||||
dev->is_busmaster = 0;
|
||||
} else {
|
||||
pci_read_config_word(dev, PCI_COMMAND, &cmd);
|
||||
--
|
||||
2.1.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user