3c2f525a91
libxl.pvscsi.patch - bnc#875668 - VUL-0: CVE-2014-3124: xen: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created 535fa503-x86-HVM-restrict-HVMOP_set_mem_type.patch (replaces xsa92.patch) - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 535a34eb-VT-d-suppress-UR-signaling-for-server-chipsets.patch 535a3516-VT-d-suppress-UR-signaling-for-desktop-chipsets.patch - Upstream patches from Jan 535a354b-passthrough-allow-to-suppress-SERR-and-PERR-signaling.patch 535e31bc-x86-HVM-correct-the-SMEP-logic-for-HVM_CR0_GUEST_RESERVED_BITS.patch 53636978-hvm_set_ioreq_page-releases-wrong-page-in-error-path.patch 53636ebf-x86-fix-guest-CPUID-handling.patch - Fix pygrub to handle VM with no grub/menu.lst file. - Don't use /var/run/xend/boot for temporary boot directory pygrub-boot-legacy-sles.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=314
References: bnc#826717 CVE-2013-3495 XSA-59
# Commit d6cb14b34ffc2a830022d059f1aa22bf19dcf55f
# Date 2014-04-25 12:12:38 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VT-d: suppress UR signaling for desktop chipsets
Unsupported Requests can be signaled for malformed writes to the MSI
address region, e.g. due to buggy or malicious DMA set up to that
region. These should normally result in IOMMU faults, but don't on
the desktop chipsets dealt with here.
This is CVE-2013-3495 / XSA-59.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Don Dugger <donald.d.dugger@intel.com>
Acked-by: Tim Deegan <tim@xen.org>
Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
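--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -393,6 +393,8 @@ void __init pci_vtd_quirk(struct pci_dev
 int func = PCI_FUNC(pdev->devfn);
 int pos;
 u32 val;
+ u64 bar;
+ paddr_t pa;
 
 if ( pci_conf_read16(seg, bus, dev, func, PCI_VENDOR_ID) !=
 PCI_VENDOR_ID_INTEL )
@@ -454,5 +456,33 @@ void __init pci_vtd_quirk(struct pci_dev
 printk(XENLOG_INFO "Masked UR signaling on %04x:%02x:%02x.%u\n",
 seg, bus, dev, func);
 break;
+
+ case 0x100: case 0x104: case 0x108: /* Sandybridge */
+ case 0x150: case 0x154: case 0x158: /* Ivybridge */
+ case 0xa04: /* Haswell ULT */
+ case 0xc00: case 0xc04: case 0xc08: /* Haswell */
+ bar = pci_conf_read32(seg, bus, dev, func, 0x6c);
+ bar = (bar << 32) | pci_conf_read32(seg, bus, dev, func, 0x68);
+ pa = bar & 0x7fffff000; /* bits 12...38 */
+ if ( (bar & 1) && pa &&
+ page_is_ram_type(paddr_to_pfn(pa), RAM_TYPE_RESERVED) )
+ {
+ u32 __iomem *va = ioremap(pa, PAGE_SIZE);
+
+ if ( va )
+ {
+ __set_bit(0x1c8 * 8 + 20, va);
+ iounmap(va);
+ printk(XENLOG_INFO "Masked UR signaling on %04x:%02x:%02x.%u\n",
+ seg, bus, dev, func);
+ }
+ else
+ printk(XENLOG_ERR "Could not map %"PRIpaddr" for %04x:%02x:%02x.%u\n",
+ pa, seg, bus, dev, func);
+ }
+ else
+ printk(XENLOG_WARNING "Bogus DMIBAR %#"PRIx64" on %04x:%02x:%02x.%u\n",
+ bar, seg, bus, dev, func);
+ break;
 }
 }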
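Review bot: The mask in `pa = bar & 0x7fffff000; /* bits 12...38 */` does not match its own comment: the literal has only bits 12 through 34 set, so a DMIBAR base using any of bits 35–38 would be truncated before the `page_is_ram_type()` check and the `ioremap()` call. In that case the quirk would either be skipped with the "Bogus DMIBAR" warning or, if the truncated address also lands in a reserved page, set the mask bit in the wrong page. If the comment states the intended field width, the line should read `pa = bar & 0x7ffffff000UL; /* bits 12...38 */`; otherwise the comment should be corrected to match the mask. Both failure branches only log, so a host where the mapping or the BAR check fails keeps UR signaling unmasked, and the messages would be more useful to an operator if they said the XSA-59 workaround was not applied. `pci_vtd_quirk()` begins and ends outside the hunks shown.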