xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
This commit is contained in:
parent
c4517a7e99
commit
4eef18f8b7
|
@ -811,6 +811,10 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
[ Bastian Blank ]
|
||||
* Don't longer recommend irqbalance. (closes: #926967)
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
|
||||
(CVE-2015-8553)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 18 Mar 2019 22:50:08 +0000
|
||||
|
||||
linux (4.19.28-2) unstable; urgency=medium
|
||||
|
|
56
debian/patches/bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
vendored
Normal file
56
debian/patches/bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
vendored
Normal file
|
@ -0,0 +1,56 @@
|
|||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Wed, 13 Feb 2019 18:21:31 -0500
|
||||
Subject: xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
|
||||
Origin: https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2015-8553
|
||||
Bug: http://xenbits.xen.org/xsa/advisory-120.html
|
||||
|
||||
There is no need for this at all. Worst it means that if
|
||||
the guest tries to write to BARs it could lead (on certain
|
||||
platforms) to PCI SERR errors.
|
||||
|
||||
Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
|
||||
"xen-pciback: limit guest control of command register"
|
||||
a guest is still allowed to enable those control bits (safely), but
|
||||
is not allowed to disable them and that therefore a well behaved
|
||||
frontend which enables things before using them will still
|
||||
function correctly.
|
||||
|
||||
This is done via an write to the configuration register 0x4 which
|
||||
triggers on the backend side:
|
||||
command_write
|
||||
\- pci_enable_device
|
||||
\- pci_enable_device_flags
|
||||
\- do_pci_enable_device
|
||||
\- pcibios_enable_device
|
||||
\-pci_enable_resourcess
|
||||
[which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
|
||||
|
||||
However guests (and drivers) which don't do this could cause
|
||||
problems, including the security issues which XSA-120 sought
|
||||
to address.
|
||||
|
||||
Reported-by: Jan Beulich <jbeulich@suse.com>
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Reviewed-by: Prarit Bhargava <prarit@redhat.com>
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
---
|
||||
drivers/xen/xen-pciback/pciback_ops.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
index ea4a08b83fa0..787966f44589 100644
|
||||
--- a/drivers/xen/xen-pciback/pciback_ops.c
|
||||
+++ b/drivers/xen/xen-pciback/pciback_ops.c
|
||||
@@ -127,8 +127,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
|
||||
if (pci_is_enabled(dev))
|
||||
pci_disable_device(dev);
|
||||
|
||||
- pci_write_config_word(dev, PCI_COMMAND, 0);
|
||||
-
|
||||
dev->is_busmaster = 0;
|
||||
} else {
|
||||
pci_read_config_word(dev, PCI_COMMAND, &cmd);
|
||||
--
|
||||
2.11.0
|
||||
|
|
@ -142,6 +142,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
|||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue