OVMSA-2015-0063

OVMSA-2015-0063 - xen security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2015-06-02

Description


[4.1.3-25.el5.127.36.12]
- xen/pt: unknown PCI config space fields should be read-only
... by default. Add a per-device 'permissive' mode similar to pciback's
to allow restoring previous behavior (and hence break security again,
i.e. should be used only for trusted guests).
This is part of XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Stefano Stabellini
Reviewed-by: Anthony PERARD
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.11]
- xen/pt: add a few PCI config space field descriptions
Since the next patch will turn all not explicitly described fields
read-only by default, those fields that have guest writable bits need
to be given explicit descriptors.
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.10]
- xen/pt: mark reserved bits in PCI config space fields
The adjustments are solely to make the subsequent patches work right
(and hence make the patch set consistent), namely if permissive mode
(introduced by the last patch) gets used (as both reserved registers
and reserved fields must be similarly protected from guest access in
default mode, but the guest should be allowed access to them in
permissive mode).
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.9]
- xen/pt: mark all PCIe capability bits read-only
xen_pt_emu_reg_pcie[]'s PCI_EXP_DEVCAP needs to cover all bits as read-
only to avoid unintended write-back (just a precaution, the field ought
to be read-only in hardware).
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.8]
- xen/pt: split out calculation of throughable mask in PCI config space handling
This is just to avoid having to adjust that calculation later in
multiple places.
Note that including ->ro_mask in get_throughable_mask()'s calculation
is only an apparent (i.e. benign) behavioral change: For r/o fields it
doesn't matter whether they get passed through - either the same flag
is also set in emu_mask (then there's no change at all) or the field is
r/o in hardware (and hence a write won't change it anyway).
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Stefano Stabellini
Reviewed-by: Anthony PERARD
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.7]
- xen/pt: correctly handle PM status bit
xen_pt_pmcsr_reg_write() needs an adjustment to deal with the RW1C
nature of the not passed through bit 15 (PCI_PM_CTRL_PME_STATUS).
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.6]
- xen/pt: consolidate PM capability emu_mask
There's no point in xen_pt_pmcsr_reg_{read,write}() each ORing
PCI_PM_CTRL_STATE_MASK and PCI_PM_CTRL_NO_SOFT_RESET into a local
emu_mask variable - we can have the same effect by setting the field
descriptor's emu_mask member suitably right away. Note that
xen_pt_pmcsr_reg_write() is being retained in order to allow later
patches to be less intrusive.
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Stefano Stabellini
Acked-by: Ian Campbell
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.5]
- xen/MSI: don't open-code pass-through of enable bit modifications
Without this the actual XSA-131 fix would cause the enable bit to not
get set anymore (due to the write back getting suppressed there based
on the OR of emu_mask, ro_mask, and res_mask).
Note that the fiddling with the enable bit shouldn't really be done by
qemu, but making this work right (via libxc and the hypervisor) will
require more extensive changes, which can be postponed until after the
security issue got addressed.
This is a preparatory patch for XSA-131.
Signed-off-by: Jan Beulich
Acked-by: Stefano Stabellini
Acked-by: Chuck Anderson [bug 21164521] {CVE-2015-4106}

[4.1.3-25.el5.127.36.4]
- xen/MSI-X: disable logging by default
... to avoid allowing the guest to cause the control domain's disk to
fill.
This is XSA-130.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Acked-by: Chuck Anderson [bug 21159400] {CVE-2015-4105}

[4.1.3-25.el5.127.36.3]
- xen: don't allow guest to control MSI mask register
It's being used by the hypervisor. For now simply mimic a device not
capable of masking, and fully emulate any accesses a guest may issue
nevertheless as simple reads/writes without side effects.
This is XSA-129.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Acked-by: Chuck Anderson [bug 21158675] {CVE-2015-4104}

[4.1.3-25.el5.127.36.2]
- xen: properly gate host writes of modified PCI CFG contents
The old logic didn't work as intended when an access spanned multiple
fields (for example a 32-bit access to the location of the MSI Message
Data field with the high 16 bits not being covered by any known field).
Remove it and derive which fields not to write to from the accessed
fields' emulation masks: When they're all ones, there's no point in
doing any host write.
This fixes a secondary issue at once: We obviously shouldn't make any
host write attempt when already the host read failed.
This is XSA-128.
Signed-off-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Conflicts:
tools/ioemu-remote/hw/pass-through.c
Acked-by: Chuck Anderson [bug 21157417] {CVE-2015-4103}
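
The mask handling described in the XSA-128 and XSA-131 entries above can be modelled in a few lines of C. This is an added example, not code from the xen or qemu sources: the struct layout, function names and sample values are assumptions made for illustration, and only the mask names (emu_mask, ro_mask, res_mask) and the permissive flag come from the changelog.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified descriptor for one field inside a 32-bit config-space dword.
 * Mask names follow the changelog; the layout is an assumption of this model. */
struct field {
    unsigned shift;      /* bit offset of the field within the dword */
    uint32_t width_mask; /* field width, e.g. 0xffff for a 16-bit field */
    uint32_t emu_mask;   /* bits emulated by the device model */
    uint32_t ro_mask;    /* bits the guest may not modify */
    uint32_t res_mask;   /* reserved bits */
};

/* Bits of one field that a guest write may pass through to hardware. */
static uint32_t field_throughable(const struct field *f, bool permissive)
{
    uint32_t mask = ~(f->emu_mask | f->ro_mask);
    if (!permissive)
        mask &= ~f->res_mask;   /* reserved bits are protected by default */
    return mask & f->width_mask;
}

/* Throughable bits for a dword access spanning several fields.
 * Bits covered by no descriptor are read-only unless permissive. */
static uint32_t access_throughable(const struct field *f, size_t n, bool permissive)
{
    uint32_t through = 0, covered = 0;
    for (size_t i = 0; i < n; i++) {
        through |= field_throughable(&f[i], permissive) << f[i].shift;
        covered |= f[i].width_mask << f[i].shift;
    }
    if (permissive)
        through |= ~covered;
    return through;
}

/* Value for the device: guest bits where throughable, device bits elsewhere.
 * When 'through' is zero the result equals dev_val and no host write is needed. */
static uint32_t host_value(uint32_t guest_val, uint32_t dev_val, uint32_t through)
{
    return (guest_val & through) | (dev_val & ~through);
}

/* Constructed samples: a fully emulated 16-bit field with the high half of the
 * dword undescribed, and a field mixing emulated, read-only and reserved bits. */
static const struct field spanning[] = { { 0, 0xffff, 0xffff, 0x0000, 0x0000 } };
static const struct field mixed[]    = { { 0, 0xffff, 0x0003, 0x00f0, 0xff00 } };
```

With the `spanning` sample, a 32-bit guest write reaches no hardware bits in default mode, while permissive mode lets the undescribed upper half through.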


Related CVEs


CVE-2015-4105
CVE-2015-4104
CVE-2015-4103
CVE-2015-4106

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| --- | --- | --- | --- | --- |
| Oracle VM 3.2 (x86_64) | xen-4.1.3-25.el5.127.36.12.src.rpm | 657a1725241e88f1922713ba2004179add28bad9eba1badf49d608d886a5d7b1 | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |
| | xen-4.1.3-25.el5.127.36.12.x86_64.rpm | 533cfa11ec514cd4709ac6ac880206c0e9d1799e450f52f84de4c90db3f10f3c | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |
| | xen-devel-4.1.3-25.el5.127.36.12.x86_64.rpm | ec22bf42bc27ebbf1afa43760dad1ba2d6bb5112fa39862cf85242ca82dedaca | OVMSA-2019-0048 | ovm3_3.2.1_x86_64_patch |
| | xen-tools-4.1.3-25.el5.127.36.12.x86_64.rpm | c6cbc54b0e9642059e9ed659fed7bb9e5faab29fa56736bdf52c4415b6b822c5 | OVMBA-2024-0012 | ovm3_3.2.1_x86_64_patch |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
