jwboyer pushed to kernel (f21). "CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397) (..more)"

notifications at fedoraproject.org
Wed Apr 1 12:43:49 UTC 2015


From 995f293459ac325770513ea8a544020dbcd96f71 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer at fedoraproject.org>
Date: Wed, 1 Apr 2015 08:38:46 -0400
Subject: CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)

Part deux: Fix it harder

diff --git a/kernel.spec b/kernel.spec
index 62e5d20..b67b1b3 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -658,6 +658,9 @@ Patch30000: kernel-arm64.patch
 #rhbz 1204512
 Patch26174: tun-return-proper-error-code-from-tun_do_read.patch
 
+#CVE-2015-2150 rhbz 1196266 1200397
+Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
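Review bot: The file name on the added Patch26175 line is cut off mid-phrase and ends in "device-.patch", which hides what the patch does and is easy to mistype. The carried patch's subject is "Don't disable PCI_COMMAND on PCI device reset", so consider a name ending in "device-reset.patch", and change the matching ApplyPatch line in the same commit so the two stay in sync.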
@@ -1424,6 +1427,9 @@ ApplyPatch kernel-arm64.patch -R
 #rhbz 1204512
 ApplyPatch tun-return-proper-error-code-from-tun_do_read.patch
 
+#CVE-2015-2150 rhbz 1196266 1200397
+ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2283,6 +2289,9 @@ fi
 #                                    ||----w |
 #                                    ||     ||
 %changelog
+* Wed Apr 01 2015 Josh Boyer <jwboyer at fedoraproject.org>
+- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
+
 * Thu Mar 26 2015 Justin M. Forbes <jforbes at fedoraproject.org> - 3.19.3-200
 - Linux v3.19.3
 
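Review bot: The added %changelog entry carries only the CVE title, while the commit message calls this a second round ("Part deux"), so a reader of the RPM changelog cannot tell which change this entry brought in. Consider a short qualifier naming the change, for example that xen-pciback no longer clears PCI_COMMAND on device reset.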
diff --git a/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
new file mode 100644
index 0000000..de35651
--- /dev/null
+++ b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
@@ -0,0 +1,51 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
+Date: Fri, 27 Mar 2015 13:31:11 -0400
+Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
+
+There is no need for this at all. Worst it means that if
+the guest tries to write to BARs it could lead (on certain
+platforms) to PCI SERR errors.
+
+Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
+"xen-pciback: limit guest control of command register"
+a guest is still allowed to enable those control bits (safely), but
+is not allowed to disable them and that therefore a well behaved
+frontend which enables things before using them will still
+function correctly.
+
+This is done via an write to the configuration register 0x4 which
+triggers on the backend side:
+command_write
+  \- pci_enable_device
+     \- pci_enable_device_flags
+        \- do_pci_enable_device
+           \- pcibios_enable_device
+              \-pci_enable_resourcess
+                [which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
+
+However guests (and drivers) which don't do this could cause
+problems, including the security issues which XSA-120 sought
+to address.
+
+Reported-by: Jan Beulich <jbeulich at suse.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
+---
+ drivers/xen/xen-pciback/pciback_ops.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
+index c4a0666de6f5..26e651336787 100644
+--- a/drivers/xen/xen-pciback/pciback_ops.c
++++ b/drivers/xen/xen-pciback/pciback_ops.c
+@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
+ 		if (pci_is_enabled(dev))
+ 			pci_disable_device(dev);
+ 
+-		pci_write_config_word(dev, PCI_COMMAND, 0);
+-
+ 		dev->is_busmaster = 0;
+ 	} else {
+ 		pci_read_config_word(dev, PCI_COMMAND, &cmd);
+-- 
+2.1.0
+
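Review bot: The carried patch's description relies on af6fc858a35b90e89ea7a7ee58e66628c55c776b ("xen-pciback: limit guest control of command register") for guests still being able to enable the command bits safely, but nothing in this commit shows that change is present in the f21 tree. Please confirm it is in the 3.19.3 base or already carried in kernel.spec, because dropping the pci_write_config_word(dev, PCI_COMMAND, 0) line in xen_pcibk_reset_device() means the command register is no longer zeroed on reset and keeps whatever pci_disable_device() leaves behind. The patch header also has no upstream commit id or list link; adding one would make it easier to drop the file once a stable release includes the fix.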
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f21&id=995f293459ac325770513ea8a544020dbcd96f71

