xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)

2019-04-14 22:38:22 +02:00 · 2019-04-14 22:38:22 +02:00 · 4eef18f8b7
parent c4517a7e99
commit 4eef18f8b7
3 changed files with 61 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -811,6 +811,10 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
  [ Bastian Blank ]
  * Don't longer recommend irqbalance. (closes: #926967)

+  [ Salvatore Bonaccorso ]
+  * xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
+    (CVE-2015-8553)
+
 -- Ben Hutchings <ben@decadent.org.uk>  Mon, 18 Mar 2019 22:50:08 +0000

 linux (4.19.28-2) unstable; urgency=medium
--- a/debian/patches/bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+++ b/debian/patches/bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
@ -0,0 +1,56 @@
+From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Date: Wed, 13 Feb 2019 18:21:31 -0500
+Subject: xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
+Origin: https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2015-8553
+Bug: http://xenbits.xen.org/xsa/advisory-120.html
+
+There is no need for this at all. Worst it means that if
+the guest tries to write to BARs it could lead (on certain
+platforms) to PCI SERR errors.
+
+Please note that with af6fc858a35b90e89ea7a7ee58e66628c55c776b
+"xen-pciback: limit guest control of command register"
+a guest is still allowed to enable those control bits (safely), but
+is not allowed to disable them and that therefore a well behaved
+frontend which enables things before using them will still
+function correctly.
+
+This is done via an write to the configuration register 0x4 which
+triggers on the backend side:
+command_write
+  \- pci_enable_device
+     \- pci_enable_device_flags
+        \- do_pci_enable_device
+           \- pcibios_enable_device
+              \-pci_enable_resourcess
+                [which enables the PCI_COMMAND_MEMORY|PCI_COMMAND_IO]
+
+However guests (and drivers) which don't do this could cause
+problems, including the security issues which XSA-120 sought
+to address.
+
+Reported-by: Jan Beulich <jbeulich@suse.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Reviewed-by: Prarit Bhargava <prarit@redhat.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+---
+ drivers/xen/xen-pciback/pciback_ops.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
+index ea4a08b83fa0..787966f44589 100644
+--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
+@@ -127,8 +127,6 @@ void xen_pcibk_reset_device(struct pci_dev *dev)
+ 		if (pci_is_enabled(dev))
+ 			pci_disable_device(dev);
+ 
+-		pci_write_config_word(dev, PCI_COMMAND, 0);
+-
+ 		dev->is_busmaster = 0;
+ 	} else {
+ 		pci_read_config_word(dev, PCI_COMMAND, &cmd);
+-- 
+2.11.0
+
--- a/debian/patches/series
+++ b/debian/patches/series
@ -142,6 +142,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch

 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
+bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch

 # Fix exported symbol versions
 bugfix/all/module-disable-matching-missing-version-crc.patch