summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kernel.spec9
-rw-r--r--xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch51
2 files changed, 60 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec
index c565b8b88..7b580905e 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -631,6 +631,9 @@ Patch26171: acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
#rhbz 1203584
Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
+#CVE-2015-2150 rhbz 1196266 1200397
+Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1373,6 +1376,9 @@ ApplyPatch acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
#rhbz 1203584
ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
+#CVE-2015-2150 rhbz 1196266 1200397
+ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2223,6 +2229,9 @@ fi
#
#
%changelog
+* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397)
+
* Tue Mar 31 2015 Josh Boyer <jwboyer@fedoraproject.org>
- Enable MLX4_EN_VXLAN (rhbz 1207728)
diff --git a/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
new file mode 100644
index 000000000..de3565152
--- /dev/null
+++ b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
@@ -0,0 +1,51 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Fri, 27 Mar 2015 13:31:11 -0400
+Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
+
+There is no need for this at all. Worst it means that if
+the guest tries to write to BARs it could lead (on certain
+platforms) to PCI SERR errors.
+
+Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
+"xen-pciback: limit guest control of command register"
+a guest is still allowed to enable those control bits (safely), but
+is not allowed to disable them and that therefore a well behaved
+frontend which enables things before using them will still
+function correctly.
+
+This is done via an write to the configuration register 0x4 which
+triggers on the backend side:
+command_write
+ \- pci_enable_device
+ \- pci_enable_device_flags
+ \- do_pci_enable_device
+ \- pcibios_enable_device
+ \-pci_enable_resourcess
+ [which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
+
+However guests (and drivers) which don't do this could cause
+problems, including the security issues which XSA-120 sought
+to address.
+
+Reported-by: Jan Beulich <jbeulich@suse.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+---
+ drivers/xen/xen-pciback/pciback_ops.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
+index c4a0666de6f5..26e651336787 100644
+--- a/drivers/xen/xen-pciback/pciback_ops.c
++++ b/drivers/xen/xen-pciback/pciback_ops.c
+@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
+ if (pci_is_enabled(dev))
+ pci_disable_device(dev);
+
+- pci_write_config_word(dev, PCI_COMMAND, 0);
+-
+ dev->is_busmaster = 0;
+ } else {
+ pci_read_config_word(dev, PCI_COMMAND, &cmd);
+--
+2.1.0
+