diff options
-rw-r--r-- | kernel.spec | 9 | ||||
-rw-r--r-- | xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch | 51 |
2 files changed, 60 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index c565b8b88..7b580905e 100644 --- a/kernel.spec +++ b/kernel.spec @@ -631,6 +631,9 @@ Patch26171: acpi-video-Add-force-native-backlight-quirk-for-Leno.patch #rhbz 1203584 Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch +#CVE-2015-2150 rhbz 1196266 1200397 +Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch + # END OF PATCH DEFINITIONS %endif @@ -1373,6 +1376,9 @@ ApplyPatch acpi-video-Add-force-native-backlight-quirk-for-Leno.patch #rhbz 1203584 ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch +#CVE-2015-2150 rhbz 1196266 1200397 +ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch + # END OF PATCH APPLICATIONS %endif @@ -2223,6 +2229,9 @@ fi # # %changelog +* Wed Apr 01 2015 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397) + * Tue Mar 31 2015 Josh Boyer <jwboyer@fedoraproject.org> - Enable MLX4_EN_VXLAN (rhbz 1207728) diff --git a/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch new file mode 100644 index 000000000..de3565152 --- /dev/null +++ b/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch @@ -0,0 +1,51 @@ +From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +Date: Fri, 27 Mar 2015 13:31:11 -0400 +Subject: [PATCH] xen/pciback: Don't disable PCI_COMMAND on PCI device reset. + +There is no need for this at all. Worst it means that if +the guest tries to write to BARs it could lead (on certain +platforms) to PCI SERR errors. + +Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b +"xen-pciback: limit guest control of command register" +a guest is still allowed to enable those control bits (safely), but +is not allowed to disable them and that therefore a well behaved +frontend which enables things before using them will still +function correctly. + +This is done via an write to the configuration register 0x4 which +triggers on the backend side: +command_write + \- pci_enable_device + \- pci_enable_device_flags + \- do_pci_enable_device + \- pcibios_enable_device + \-pci_enable_resourcess + [which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO] + +However guests (and drivers) which don't do this could cause +problems, including the security issues which XSA-120 sought +to address. + +Reported-by: Jan Beulich <jbeulich@suse.com> +Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +--- + drivers/xen/xen-pciback/pciback_ops.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c +index c4a0666de6f5..26e651336787 100644 +--- a/drivers/xen/xen-pciback/pciback_ops.c ++++ b/drivers/xen/xen-pciback/pciback_ops.c +@@ -119,8 +119,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev) + if (pci_is_enabled(dev)) + pci_disable_device(dev); + +- pci_write_config_word(dev, PCI_COMMAND, 0); +- + dev->is_busmaster = 0; + } else { + pci_read_config_word(dev, PCI_COMMAND, &cmd); +-- +2.1.0 + |