rpms/kernel
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)

Browse Source 
Part deux: Fix it harder
This commit is contained in:
Josh Boyer 2015-04-01 08:38:46 -04:00
parent 5fd2f45801
commit 9adfc18494
2 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
kernel.spec
View File

@ -631,6 +631,9 @@ Patch26171: acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
#rhbz 1203584 #rhbz 1203584
Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
#CVE-2015-2150 rhbz 1196266 1200397
Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
# END OF PATCH DEFINITIONS # END OF PATCH DEFINITIONS
%endif %endif
@ -1373,6 +1376,9 @@ ApplyPatch acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
#rhbz 1203584 #rhbz 1203584
ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
#CVE-2015-2150 rhbz 1196266 1200397
ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
# END OF PATCH APPLICATIONS # END OF PATCH APPLICATIONS
%endif %endif
@ -2223,6 +2229,9 @@ fi
# #
# #
%changelog %changelog
* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
* Tue Mar 31 2015 Josh Boyer <jwboyer@fedoraproject.org> * Tue Mar 31 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Enable MLX4_EN_VXLAN (rhbz 1207728) - Enable MLX4_EN_VXLAN (rhbz 1207728)

51
xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch Normal file
View File

@ -0,0 +1,51 @@
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Fri, 27 Mar 2015 13:31:11 -0400
Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
There is no need for this at all. Worst it means that if
the guest tries to write to BARs it could lead (on certain
platforms) to PCI SERR errors.
Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
"xen-pciback: limit guest control of command register"
a guest is still allowed to enable those control bits (safely), but
is not allowed to disable them and that therefore a well behaved
frontend which enables things before using them will still
function correctly.
This is done via an write to the configuration register 0x4 which
triggers on the backend side:
command_write
\- pci_enable_device
\- pci_enable_device_flags
\- do_pci_enable_device
\- pcibios_enable_device
\-pci_enable_resourcess
[which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
However guests (and drivers) which don't do this could cause
problems, including the security issues which XSA-120 sought
to address.
Reported-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
---
drivers/xen/xen-pciback/pciback_ops.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index c4a0666de6f5..26e651336787 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
if (pci_is_enabled(dev))
pci_disable_device(dev);
- pci_write_config_word(dev, PCI_COMMAND, 0);
-
dev->is_busmaster = 0;
} else {
pci_read_config_word(dev, PCI_COMMAND, &cmd);
--
2.1.0