[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 0/11] Xen PCI Passthrough security fixes



Hi all,

the following is a collection of QEMU security fixes for PCI Passthrough
on Xen. Non-Xen usages of QEMU are unaffected.

Although the CVEs have already been made public, given the large amount
of changes, I decided not to send a pull request without giving a chance
to the QEMU community to comment on the patches first.

Each patch has a detail description of what is trying to fix. You can
also cross-reference the CVE numbers.



Jan Beulich (11):
      xen: properly gate host writes of modified PCI CFG contents
      xen: don't allow guest to control MSI mask register
      xen/MSI-X: limit error messages
      xen/MSI: don't open-code pass-through of enable bit modifications
      xen/pt: consolidate PM capability emu_mask
      xen/pt: correctly handle PM status bit
      xen/pt: split out calculation of throughable mask in PCI config space 
handling
      xen/pt: mark all PCIe capability bits read-only
      xen/pt: mark reserved bits in PCI config space fields
      xen/pt: add a few PCI config space field descriptions
      xen/pt: unknown PCI config space fields should be read-only

 hw/pci/msi.c                |    4 -
 hw/xen/xen_pt.c             |   51 +++++++++-
 hw/xen/xen_pt.h             |    7 +-
 hw/xen/xen_pt_config_init.c |  235 ++++++++++++++++++++++++++++---------------
 hw/xen/xen_pt_msi.c         |   12 ++-
 include/hw/pci/pci_regs.h   |    2 +
 6 files changed, 217 insertions(+), 94 deletions(-)


Cheers,

Stefano

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.