[xen/f16] VT-d interrupt remapping source validation flaw CVE-2012-5634
myoung
myoung at fedoraproject.org
Sat Jan 12 12:31:28 UTC 2013
commit b98e14039579170fdb8d6b8262664601fa4e704c
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Sat Jan 12 12:27:01 2013 +0000
VT-d interrupt remapping source validation flaw CVE-2012-5634
xen.spec | 10 +++++++++-
xsa33-4.1.patch | 21 +++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index 86e6f39..b830f2e 100644
--- a/xen.spec
+++ b/xen.spec
@@ -10,7 +10,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.1.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -56,6 +56,8 @@ Patch52: upstream-23938:fa04fbd56521-rework
Patch53: upstream-23939:51288f69523f-rework
Patch54: upstream-23940:187d59e32a58
+Patch55: xsa33-4.1.patch
+
Patch100: xen-configure-xend.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -211,6 +213,8 @@ manage Xen virtual machines.
%patch53 -p1
%patch54 -p1
+%patch55 -p1
+
%patch100 -p1
# stubdom sources
@@ -616,6 +620,10 @@ rm -rf %{buildroot}
%endif
%changelog
+* Sat Jan 12 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2
+- VT-d interrupt remapping source validation flaw [XSA-33,
+ CVE-2012-5634] (#893568)
+
* Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1
- update to xen-4.1.4
- remove patches that are included in 4.1.4
diff --git a/xsa33-4.1.patch b/xsa33-4.1.patch
new file mode 100644
index 0000000..d0bdeb4
--- /dev/null
+++ b/xsa33-4.1.patch
@@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+
+This is XSA-33 / CVE-2012-5634.
+
+Signed-off-by: Jan Beulich <jbeulich at suse.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -499,7 +499,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+ set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+ (bus << 8) | pdev->bus);
+ else if ( pdev_type(bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+- set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
++ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+ PCI_BDF2(bus, devfn));
+ }
+ break;
More information about the scm-commits
mailing list