qemu/s390x-pci-restore-missing-Query-PCI-Func.patch
Bruce Rogers 2746ce73b5 Accepting request 879536 from home:bfrogers:branches:Virtualization
- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)
  e1000-fail-early-for-evil-descriptor.patch
- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372)
  s390x-pci-restore-missing-Query-PCI-Func.patch
- Include upstream patches designated as stable material and
  reviewed for applicability to include here
  lsilogic-Use-PCIDevice-exit-instead-of-D.patch
  vhost-user-blk-fix-blkcfg-num_queues-end.patch
- Fix potential privilege escalation in virtfs (CVE-2021-20181
  bsc#1182137)
  9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
  net-vmxnet3-validate-configuration-value.patch

OBS-URL: https://build.opensuse.org/request/show/879536
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=629
2021-03-17 01:17:25 +00:00


From: Matthew Rosato <mjrosato@linux.ibm.com>
Date: Thu, 18 Feb 2021 15:53:29 -0500
Subject: s390x/pci: restore missing Query PCI Function CLP data
Git-commit: 403af209db8c030ed1e000640cd3cd80c6882883
References: bsc#1183372
Some CLP response data was accidentally dropped when fixing endianness
issues with the Query PCI Function CLP response. All of these values are
sent as 0s to the guest for emulated devices, so the impact is only
observed on passthrough devices.
Fixes: a4e2fff1b104 ("s390x/pci: fix endianness issues")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <1613681609-9349-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/s390x/s390-pci-inst.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 70bfd91bf70edafaa7c93469f459..f0ed9ea6f96b1202521ae434e680 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -284,10 +284,15 @@ int clp_service_call(S390CPU *cpu, uint8_t r2, uintptr_t ra)
stq_p(&resquery->sdma, pbdev->zpci_fn.sdma);
stq_p(&resquery->edma, pbdev->zpci_fn.edma);
stw_p(&resquery->pchid, pbdev->zpci_fn.pchid);
+ stw_p(&resquery->vfn, pbdev->zpci_fn.vfn);
resquery->flags = pbdev->zpci_fn.flags;
resquery->pfgid = pbdev->zpci_fn.pfgid;
+ resquery->pft = pbdev->zpci_fn.pft;
+ resquery->fmbl = pbdev->zpci_fn.fmbl;
stl_p(&resquery->fid, pbdev->zpci_fn.fid);
stl_p(&resquery->uid, pbdev->zpci_fn.uid);
+ memcpy(resquery->pfip, pbdev->zpci_fn.pfip, CLP_PFIP_NR_SEGMENTS);
+ memcpy(resquery->util_str, pbdev->zpci_fn.util_str, CLP_UTIL_STR_LEN);
for (i = 0; i < PCI_BAR_COUNT; i++) {
uint32_t data = pci_get_long(pbdev->pdev->config +
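Review bot: The two added memcpy() calls take their lengths from CLP_PFIP_NR_SEGMENTS and CLP_UTIL_STR_LEN rather than from the destination buffers, and nothing visible in this hunk ties those constants to the sizes of resquery->pfip and resquery->util_str. CLP_PFIP_NR_SEGMENTS reads as an element count, so it is only a correct byte length if each pfip segment is a single byte. Consider using sizeof(resquery->pfip) and sizeof(resquery->util_str) as the lengths, or adding a build-time assertion that the source and destination arrays have the same size, so that a later change to either structure cannot turn these copies into an overrun of the guest-visible response or an over-read of pbdev->zpci_fn. Separately, pft and fmbl are assigned directly while vfn goes through stw_p(); that is correct only if both are single-byte fields, and since the Fixes: tag points at an endianness change, a short comment stating that would make the asymmetry easier to review.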