summary refs log tree commit diff
path: root/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch')
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch89
1 files changed, 89 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch
new file mode 100644
index 0000000000..8fff71e1c3
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch
@@ -0,0 +1,89 @@
+From 0ad3393ad032f76e88b4dbd04d36ad84dff75dd6 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: mark reserved bits in PCI config space fields
+
+The adjustments are solely to make the subsequent patches work right
+(and hence make the patch set consistent), namely if permissive mode
+(introduced by the last patch) gets used (as both reserved registers
+and reserved fields must be similarly protected from guest access in
+default mode, but the guest should be allowed access to them in
+permissive mode).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+---
+ hw/xen/xen_pt.h             |  2 ++
+ hw/xen/xen_pt_config_init.c | 14 +++++++++-----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
+index 8c9b6c2..f9795eb 100644
+--- a/hw/xen/xen_pt.h
++++ b/hw/xen/xen_pt.h
+@@ -101,6 +101,8 @@ struct XenPTRegInfo {
+     uint32_t offset;
+     uint32_t size;
+     uint32_t init_val;
++    /* reg reserved field mask (ON:reserved, OFF:defined) */
++    uint32_t res_mask;
+     /* reg read only field mask (ON:RO/ROS, OFF:other) */
+     uint32_t ro_mask;
+     /* reg emulate field mask (ON:emu, OFF:passthrough) */
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 9f6c00e..efd8bac 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -578,7 +578,7 @@ static XenPTRegInfo xen_pt_emu_reg_header0[] = {
+         .offset     = PCI_COMMAND,
+         .size       = 2,
+         .init_val   = 0x0000,
+-        .ro_mask    = 0xF880,
++        .res_mask   = 0xF880,
+         .emu_mask   = 0x0743,
+         .init       = xen_pt_common_reg_init,
+         .u.w.read   = xen_pt_word_reg_read,
+@@ -603,7 +603,8 @@ static XenPTRegInfo xen_pt_emu_reg_header0[] = {
+         .offset     = PCI_STATUS,
+         .size       = 2,
+         .init_val   = 0x0000,
+-        .ro_mask    = 0x06FF,
++        .res_mask   = 0x0007,
++        .ro_mask    = 0x06F8,
+         .emu_mask   = 0x0010,
+         .init       = xen_pt_status_reg_init,
+         .u.w.read   = xen_pt_word_reg_read,
+@@ -980,7 +981,8 @@ static XenPTRegInfo xen_pt_emu_reg_pm[] = {
+         .offset     = PCI_PM_CTRL,
+         .size       = 2,
+         .init_val   = 0x0008,
+-        .ro_mask    = 0xE1FC,
++        .res_mask   = 0x00F0,
++        .ro_mask    = 0xE10C,
+         .emu_mask   = 0x810B,
+         .init       = xen_pt_common_reg_init,
+         .u.w.read   = xen_pt_word_reg_read,
+@@ -1268,7 +1270,8 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+         .offset     = PCI_MSI_FLAGS,
+         .size       = 2,
+         .init_val   = 0x0000,
+-        .ro_mask    = 0xFF8E,
++        .res_mask   = 0xFE00,
++        .ro_mask    = 0x018E,
+         .emu_mask   = 0x017E,
+         .init       = xen_pt_msgctrl_reg_init,
+         .u.w.read   = xen_pt_word_reg_read,
+@@ -1446,7 +1449,8 @@ static XenPTRegInfo xen_pt_emu_reg_msix[] = {
+         .offset     = PCI_MSI_FLAGS,
+         .size       = 2,
+         .init_val   = 0x0000,
+-        .ro_mask    = 0x3FFF,
++        .res_mask   = 0x3800,
++        .ro_mask    = 0x07FF,
+         .emu_mask   = 0x0000,
+         .init       = xen_pt_msixctrl_reg_init,
+         .u.w.read   = xen_pt_word_reg_read,
+-- 
+2.2.1
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-30 00:38:40 +0000