summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch')
-rw-r--r--meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch93
1 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch b/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch
new file mode 100644
index 0000000..d7d4a88
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch
@@ -0,0 +1,93 @@
+Upstream-Status: Backport
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 0ad3393ad032f76e88b4dbd04d36ad84dff75dd6 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: xen/pt: mark reserved bits in PCI config space fields
+Bug-Debian: http://bugs.debian.org/787547
+
+The adjustments are solely to make the subsequent patches work right
+(and hence make the patch set consistent), namely if permissive mode
+(introduced by the last patch) gets used (as both reserved registers
+and reserved fields must be similarly protected from guest access in
+default mode, but the guest should be allowed access to them in
+permissive mode).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+---
+ hw/xen/xen_pt.h | 2 ++
+ hw/xen/xen_pt_config_init.c | 14 +++++++++-----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+Index: qemu-2.2.0/hw/xen/xen_pt.h
+===================================================================
+--- qemu-2.2.0.orig/hw/xen/xen_pt.h
++++ qemu-2.2.0/hw/xen/xen_pt.h
+@@ -101,6 +101,8 @@ struct XenPTRegInfo {
+ uint32_t offset;
+ uint32_t size;
+ uint32_t init_val;
++ /* reg reserved field mask (ON:reserved, OFF:defined) */
++ uint32_t res_mask;
+ /* reg read only field mask (ON:RO/ROS, OFF:other) */
+ uint32_t ro_mask;
+ /* reg emulate field mask (ON:emu, OFF:passthrough) */
+Index: qemu-2.2.0/hw/xen/xen_pt_config_init.c
+===================================================================
+--- qemu-2.2.0.orig/hw/xen/xen_pt_config_init.c
++++ qemu-2.2.0/hw/xen/xen_pt_config_init.c
+@@ -580,8 +580,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade
+ .offset = PCI_VENDOR_ID,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0xFFFF,
+- .emu_mask = 0xFFFF,
++ .res_mask = 0xF880,
++ .emu_mask = 0x0743,
+ .init = xen_pt_vendor_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+@@ -627,7 +627,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade
+ .offset = PCI_STATUS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0x06FF,
++ .res_mask = 0x0007,
++ .ro_mask = 0x06F8,
+ .emu_mask = 0x0010,
+ .init = xen_pt_status_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -1004,7 +1005,8 @@ static XenPTRegInfo xen_pt_emu_reg_pm[]
+ .offset = PCI_PM_CTRL,
+ .size = 2,
+ .init_val = 0x0008,
+- .ro_mask = 0xE1FC,
++ .res_mask = 0x00F0,
++ .ro_mask = 0xE10C,
+ .emu_mask = 0x810B,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -1292,7 +1294,8 @@ static XenPTRegInfo xen_pt_emu_reg_msi[]
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0xFF8E,
++ .res_mask = 0xFE00,
++ .ro_mask = 0x018E,
+ .emu_mask = 0x017E,
+ .init = xen_pt_msgctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -1470,7 +1473,8 @@ static XenPTRegInfo xen_pt_emu_reg_msix[
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0x3FFF,
++ .res_mask = 0x3800,
++ .ro_mask = 0x07FF,
+ .emu_mask = 0x0000,
+ .init = xen_pt_msixctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
OpenPOWER on IntegriCloud