[Xen-changelog] [xen master] VT-d: don't permit SVT_NO_VERIFY entries for known device types
commit 63cec00679cc65ab5d5a9447a62d5202f155b78c Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu May 2 17:08:58 2013 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu May 2 17:08:58 2013 +0200 VT-d: don't permit SVT_NO_VERIFY entries for known device types Only in cases where we don't know what to do we should leave the IRTE blank (suppressing all validation), but we should always log a warning in those cases (as being insecure). This is CVE-2013-1952 / XSA-49. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> --- xen/drivers/passthrough/vtd/intremap.c | 14 +++++++++----- 1 files changed, 9 insertions(+), 5 deletions(-) diff --git a/xen/drivers/passthrough/vtd/intremap.c b/xen/drivers/passthrough/vtd/intremap.c index 880f15e..feaaed0 100644 --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -437,12 +437,9 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) { unsigned int sq; + case DEV_TYPE_PCIe_ENDPOINT: case DEV_TYPE_PCIe_BRIDGE: case DEV_TYPE_PCIe2PCI_BRIDGE: - case DEV_TYPE_LEGACY_PCI_BRIDGE: - break; - - case DEV_TYPE_PCIe_ENDPOINT: switch ( pdev->phantom_stride ) { case 1: sq = SQ_13_IGNORE_3; break; @@ -454,6 +451,8 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) break; case DEV_TYPE_PCI: + case DEV_TYPE_LEGACY_PCI_BRIDGE: + case DEV_TYPE_PCI2PCIe_BRIDGE: ret = find_upstream_bridge(seg, &bus, &devfn, &secbus); if ( ret == 0 ) /* integrated PCI device */ { 
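Review bot: The two bridge labels now fall into the `pdev->phantom_stride` switch that was written for endpoints, and nothing in the hunk says why a bridge should take that path. Phantom functions are an endpoint feature, so a bridge presumably always lands in an arm of the inner switch that is outside the hunk. A comment above the labels would make the intent explicit, for example `/* Bridges signal MSIs with their own requester ID: verify them like endpoints. */`. The body of set_msi_source_id starts and ends outside the hunk.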
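Review bot: The `/* integrated PCI device */` comment on the `ret == 0` branch no longer describes everything that reaches it, because `DEV_TYPE_LEGACY_PCI_BRIDGE` and `DEV_TYPE_PCI2PCIe_BRIDGE` now share this path with `DEV_TYPE_PCI`. I would widen it to `/* integrated PCI device or bridge */` so a later reader does not assume bridges are handled elsewhere. The body of that branch is outside the hunk.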
@@ -465,10 +464,15 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE ) set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, (bus << 8) | pdev->bus); - else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) + else set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, PCI_BDF2(bus, devfn)); } + else + dprintk(XENLOG_WARNING VTDPREFIX, + "d%d: no upstream bridge for %04x:%02x:%02x.%u\n", + pdev->domain->domain_id, + seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); break; default: -- generated by git-patchbot for /home/xen/git/xen.git#master _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
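Review bot: The new `else` branch reports the unverified entry through `dprintk`, which as far as I know is compiled out of non-debug Xen builds, so a production hypervisor would leave the IRTE without source validation and log nothing, while the commit message asks for a warning in every such case. Using `printk(XENLOG_WARNING VTDPREFIX "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",` here would keep the message in release builds. `bus` and `devfn` were passed by pointer to `find_upstream_bridge`, so they may no longer name the device itself when the lookup fails; printing `pdev->bus` and `pdev->devfn` would avoid that ambiguity. The condition this `else` pairs with is outside the hunk.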