fef3cfaaab
* gnu/packages/patches/qemu-CVE-2015-4037.patch, gnu/packages/patches/qemu-CVE-2015-4103.patch, gnu/packages/patches/qemu-CVE-2015-4104.patch, gnu/packages/patches/qemu-CVE-2015-4105.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch, gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/qemu.scm (qemu-headless)[source]: Add patches.
72 lines
2.5 KiB
Diff
72 lines
2.5 KiB
Diff
From d1d35cf4ffb6a60a356193397919e83306d0bb74 Mon Sep 17 00:00:00 2001
|
|
From: Jan Beulich <jbeulich@suse.com>
|
|
Date: Tue, 2 Jun 2015 15:07:01 +0000
|
|
Subject: [PATCH] xen/MSI: don't open-code pass-through of enable bit
|
|
modifications
|
|
|
|
Without this the actual XSA-131 fix would cause the enable bit to not
|
|
get set anymore (due to the write back getting suppressed there based
|
|
on the OR of emu_mask, ro_mask, and res_mask).
|
|
|
|
Note that the fiddling with the enable bit shouldn't really be done by
|
|
qemu, but making this work right (via libxc and the hypervisor) will
|
|
require more extensive changes, which can be postponed until after the
|
|
security issue got addressed.
|
|
|
|
This is a preparatory patch for XSA-131.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
|
|
---
|
|
hw/xen/xen_pt_config_init.c | 10 ++--------
|
|
1 file changed, 2 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
|
|
index 68b8f22..436d0fd 100644
|
|
--- a/hw/xen/xen_pt_config_init.c
|
|
+++ b/hw/xen/xen_pt_config_init.c
|
|
@@ -1053,7 +1053,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
|
|
XenPTMSI *msi = s->msi;
|
|
uint16_t writable_mask = 0;
|
|
uint16_t throughable_mask = 0;
|
|
- uint16_t raw_val;
|
|
|
|
/* Currently no support for multi-vector */
|
|
if (*val & PCI_MSI_FLAGS_QSIZE) {
|
|
@@ -1066,12 +1065,11 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
|
|
msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
|
|
|
|
/* create value for writing to I/O device register */
|
|
- raw_val = *val;
|
|
throughable_mask = ~reg->emu_mask & valid_mask;
|
|
*val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
|
|
|
|
/* update MSI */
|
|
- if (raw_val & PCI_MSI_FLAGS_ENABLE) {
|
|
+ if (*val & PCI_MSI_FLAGS_ENABLE) {
|
|
/* setup MSI pirq for the first time */
|
|
if (!msi->initialized) {
|
|
/* Init physical one */
|
|
@@ -1099,10 +1097,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
|
|
xen_pt_msi_disable(s);
|
|
}
|
|
|
|
- /* pass through MSI_ENABLE bit */
|
|
- *val &= ~PCI_MSI_FLAGS_ENABLE;
|
|
- *val |= raw_val & PCI_MSI_FLAGS_ENABLE;
|
|
-
|
|
return 0;
|
|
}
|
|
|
|
@@ -1301,7 +1295,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
|
|
.size = 2,
|
|
.init_val = 0x0000,
|
|
.ro_mask = 0xFF8E,
|
|
- .emu_mask = 0x017F,
|
|
+ .emu_mask = 0x017E,
|
|
.init = xen_pt_msgctrl_reg_init,
|
|
.u.w.read = xen_pt_word_reg_read,
|
|
.u.w.write = xen_pt_msgctrl_reg_write,
|
|
--
|
|
2.2.1
|
|
|