diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch b/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch new file mode 100644 index 0000000..d7d4a88 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/09-xen-pt-mark-reserved-bits-in-PCI-config-space-fields-CVE-2015-4106.patch @@ -0,0 +1,93 @@ +Upstream-Status: Backport + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +From 0ad3393ad032f76e88b4dbd04d36ad84dff75dd6 Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 2 Jun 2015 15:07:01 +0000 +Subject: xen/pt: mark reserved bits in PCI config space fields +Bug-Debian: http://bugs.debian.org/787547 + +The adjustments are solely to make the subsequent patches work right +(and hence make the patch set consistent), namely if permissive mode +(introduced by the last patch) gets used (as both reserved registers +and reserved fields must be similarly protected from guest access in +default mode, but the guest should be allowed access to them in +permissive mode). + +This is a preparatory patch for XSA-131. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +--- + hw/xen/xen_pt.h | 2 ++ + hw/xen/xen_pt_config_init.c | 14 +++++++++----- + 2 files changed, 11 insertions(+), 5 deletions(-) + +Index: qemu-2.2.0/hw/xen/xen_pt.h +=================================================================== +--- qemu-2.2.0.orig/hw/xen/xen_pt.h ++++ qemu-2.2.0/hw/xen/xen_pt.h +@@ -101,6 +101,8 @@ struct XenPTRegInfo { + uint32_t offset; + uint32_t size; + uint32_t init_val; ++ /* reg reserved field mask (ON:reserved, OFF:defined) */ ++ uint32_t res_mask; + /* reg read only field mask (ON:RO/ROS, OFF:other) */ + uint32_t ro_mask; + /* reg emulate field mask (ON:emu, OFF:passthrough) */ +Index: qemu-2.2.0/hw/xen/xen_pt_config_init.c +=================================================================== +--- qemu-2.2.0.orig/hw/xen/xen_pt_config_init.c ++++ qemu-2.2.0/hw/xen/xen_pt_config_init.c +@@ -580,8 +580,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade + .offset = PCI_VENDOR_ID, + .size = 2, + .init_val = 0x0000, +- .ro_mask = 0xFFFF, +- .emu_mask = 0xFFFF, ++ .res_mask = 0xF880, ++ .emu_mask = 0x0743, + .init = xen_pt_vendor_reg_init, + .u.w.read = xen_pt_word_reg_read, + .u.w.write = xen_pt_word_reg_write, +@@ -627,7 +627,8 @@ static XenPTRegInfo xen_pt_emu_reg_heade + .offset = PCI_STATUS, + .size = 2, + .init_val = 0x0000, +- .ro_mask = 0x06FF, ++ .res_mask = 0x0007, ++ .ro_mask = 0x06F8, + .emu_mask = 0x0010, + .init = xen_pt_status_reg_init, + .u.w.read = xen_pt_word_reg_read, +@@ -1004,7 +1005,8 @@ static XenPTRegInfo xen_pt_emu_reg_pm[] + .offset = PCI_PM_CTRL, + .size = 2, + .init_val = 0x0008, +- .ro_mask = 0xE1FC, ++ .res_mask = 0x00F0, ++ .ro_mask = 0xE10C, + .emu_mask = 0x810B, + .init = xen_pt_common_reg_init, + .u.w.read = xen_pt_word_reg_read, +@@ -1292,7 +1294,8 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] + .offset = PCI_MSI_FLAGS, + .size = 2, + .init_val = 0x0000, +- .ro_mask = 0xFF8E, ++ .res_mask = 0xFE00, ++ .ro_mask = 0x018E, + .emu_mask = 0x017E, + .init = xen_pt_msgctrl_reg_init, + .u.w.read = xen_pt_word_reg_read, +@@ -1470,7 +1473,8 @@ static XenPTRegInfo xen_pt_emu_reg_msix[ + .offset = PCI_MSI_FLAGS, + .size = 2, + .init_val = 0x0000, +- .ro_mask = 0x3FFF, ++ .res_mask = 0x3800, ++ .ro_mask = 0x07FF, + .emu_mask = 0x0000, + .init = xen_pt_msixctrl_reg_init, + .u.w.read = xen_pt_word_reg_read, |