[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [linux-2.6.18-xen] pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled

  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-linux-2.6.18-xen <patchbot@xxxxxxx>
  • Date: Thu, 17 Dec 2015 14:44:05 +0000
  • Delivery-date: Thu, 17 Dec 2015 14:44:13 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>
# HG changeset patch
# User Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
# Date 1450363307 -3600
# Node ID ed2cdf550df2951119af3623cf67750cdeffad59
# Parent  e364811cb319b2c69f8a70a5b19d0084e1e23a1e
pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) 
enabled

Otherwise just continue on, returning the same values as
previously (return of 0, and op->result has the PIRQ value).

This does not change the behavior of XEN_PCI_OP_disable_msi[|x].

The pci_disable_msi or pci_disable_msix have the checks for
msi_enabled or msix_enabled so they will error out immediately.

However the guest can still call these operations and cause
us to disable the 'ack_intr'. That means the backend IRQ handler
for the legacy interrupt will not respond to interrupts anymore.

This will lead to (if the device is causing an interrupt storm)
for the Linux generic code to disable the interrupt line.

Naturally this will only happen if the device in question
is plugged in on the motherboard on shared level interrupt GSI.

This is part of CVE-2015-8551 + CVE-2015-8552 / XSA-157.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Reviewed-by: David Vrabel <david.vrabel@xxxxxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>
---


diff -r e364811cb319 -r ed2cdf550df2 
drivers/xen/pciback/conf_space_capability_msi.c
--- a/drivers/xen/pciback/conf_space_capability_msi.c   Thu Dec 17 15:40:35 
2015 +0100
+++ b/drivers/xen/pciback/conf_space_capability_msi.c   Thu Dec 17 15:41:47 
2015 +0100
@@ -35,7 +35,8 @@ int pciback_enable_msi(struct pciback_de
 int pciback_disable_msi(struct pciback_device *pdev,
                struct pci_dev *dev, struct xen_pci_op *op)
 {
-       pci_disable_msi(dev);
+       if (dev->msi_enabled)
+               pci_disable_msi(dev);
 
        op->value = dev->irq;
        return 0;
@@ -82,8 +83,8 @@ int pciback_enable_msix(struct pciback_d
 int pciback_disable_msix(struct pciback_device *pdev,
                struct pci_dev *dev, struct xen_pci_op *op)
 {
-
-       pci_disable_msix(dev);
+       if (dev->msix_enabled)
+               pci_disable_msix(dev);
 
        op->value = dev->irq;
        return 0;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.