[xen/f16] VT-d interrupt remapping source validation flaw CVE-2012-5634

[myoung]

commit b98e14039579170fdb8d6b8262664601fa4e704c
Author: Michael Young <m.a.young at durham.ac.uk>
Date:   Sat Jan 12 12:27:01 2013 +0000

    VT-d interrupt remapping source validation flaw CVE-2012-5634

 xen.spec        |   10 +++++++++-
 xsa33-4.1.patch |   21 +++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index 86e6f39..b830f2e 100644
--- a/xen.spec
+++ b/xen.spec
@@ -10,7 +10,7 @@
 Summary: Xen is a virtual machine monitor
 Name:    xen
 Version: 4.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group:   Development/Libraries
 License: GPLv2+ and LGPLv2+ and BSD
 URL:     http://xen.org/
@@ -56,6 +56,8 @@ Patch52: upstream-23938:fa04fbd56521-rework
 Patch53: upstream-23939:51288f69523f-rework
 Patch54: upstream-23940:187d59e32a58
 
+Patch55: xsa33-4.1.patch
+
 Patch100: xen-configure-xend.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -211,6 +213,8 @@ manage Xen virtual machines.
 %patch53 -p1
 %patch54 -p1
 
+%patch55 -p1
+
 %patch100 -p1
 
 # stubdom sources
@@ -616,6 +620,10 @@ rm -rf %{buildroot}
 %endif
 
 %changelog
+* Sat Jan 12 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2
+- VT-d interrupt remapping source validation flaw [XSA-33,
+    CVE-2012-5634] (#893568)
+
 * Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1
 - update to xen-4.1.4
 - remove patches that are included in 4.1.4
diff --git a/xsa33-4.1.patch b/xsa33-4.1.patch
new file mode 100644
index 0000000..d0bdeb4
--- /dev/null
+++ b/xsa33-4.1.patch
@@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+
+This is XSA-33 / CVE-2012-5634.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+             else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
++                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
+         break;