[Xen-changelog] [linux-2.6.18-xen] pciback: don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set
# HG changeset patch
# User Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
# Date 1450363356 -3600
# Node ID a2856e4ff93b7a8e70c1b2334375ac76d29e01d8
# Parent ed2cdf550df2951119af3623cf67750cdeffad59
pciback: don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set

commit f598282f51 ("PCI: Fix the NIU MSI-X problem in a better way") teaches us that dealing with MSI-X can be troublesome.

Further checks in the MSI-X architecture show that if the PCI_COMMAND_MEMORY bit is turned off in the PCI_COMMAND we may not be able to access the BAR (since they are memory regions). Since the MSI-X tables are located in there.. that can lead to us causing PCIe errors. Inhibit us performing any operation on the MSI-X unless the MEMORY bit is set.

Note that Xen hypervisor with: "x86/MSI-X: access MSI-X table only after having enabled MSI-X" will return:

xen_pciback: 0000:0a:00.1: error -6 enabling MSI-X for guest 3!

When the generic MSI code tries to setup the PIRQ without MEMORY bit set. Which means with later versions of Xen (4.6) this patch is not necessary.

This is part of CVE-2015-8551 + CVE-2015-8552 / XSA-157.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>

--- diff -r ed2cdf550df2 -r a2856e4ff93b drivers/xen/pciback/conf_space_capability_msi.c --- a/drivers/xen/pciback/conf_space_capability_msi.c Thu Dec 17 15:41:47 2015 +0100 +++ b/drivers/xen/pciback/conf_space_capability_msi.c Thu Dec 17 15:42:36 2015 +0100 @@ -47,6 +47,7 @@ int pciback_enable_msix(struct pciback_d { int i, result; struct msix_entry *entries; + u16 cmd; if (op->value > SH_INFO_MAX_VEC) return -EINVAL; 
@@ -54,7 +55,12 @@ int pciback_enable_msix(struct pciback_d if (dev->msix_enabled) return -EALREADY; - if (dev->msi_enabled) + /* + * PCI_COMMAND_MEMORY must be enabled, otherwise we may not be able + * to access the BARs where the MSI-X entries reside. + */ + pci_read_config_word(dev, PCI_COMMAND, &cmd); + if (dev->msi_enabled || !(cmd & PCI_COMMAND_MEMORY)) return -ENXIO; entries = kmalloc(op->value * sizeof(*entries), GFP_KERNEL);
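Review bot: cmd is declared without an initializer in the first hunk (u16 cmd;), and its only write is the pci_read_config_word() call added in the second hunk, whose return value is ignored. Declaring it as u16 cmd = 0; or checking the return value of the read would make the new test fail closed with -ENXIO if the config read does not fill it in, instead of testing whatever happens to be on the stack.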
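Review bot: the PCI_COMMAND_MEMORY test in the second hunk runs once, on entry to pciback_enable_msix(), while the commit message speaks of inhibiting any operation on MSI-X. The comment or the message should say whether the other MSI-X paths need the same guard, and what is expected if the MEMORY bit is cleared after this check has passed. A smaller point on the same line: folding the new condition into the existing dev->msi_enabled test returns -ENXIO for two unrelated causes; a separate branch with its own log message would make a refused request easier to diagnose from the backend side.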