Re: [Qemu-devel] [PATCH 0/11] Xen PCI Passthrough security fixes
From: Stefano Stabellini
Subject: Re: [Qemu-devel] [PATCH 0/11] Xen PCI Passthrough security fixes
Date: Tue, 2 Jun 2015 16:32:37 +0100
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

On Tue, 2 Jun 2015, Stefano Stabellini wrote:
> Hi all,
>
> the following is a collection of QEMU security fixes for PCI Passthrough
> on Xen. Non-Xen usages of QEMU are unaffected.
>
> Although the CVEs have already been made public, given the large amount
> of changes, I decided not to send a pull request without giving a chance
> to the QEMU community to comment on the patches first.

Peter convinced me to send out a pull request immediately. If anybody
has any comments on the patches, we can still fix them up later or even
revert them if that becomes necessary.

I'll also apply the patches to all qemu-xen stable trees now.

> Each patch has a detailed description of what it is trying to fix. You can
> also cross-reference the CVE numbers.
>
>
>
> Jan Beulich (11):
> xen: properly gate host writes of modified PCI CFG contents
> xen: don't allow guest to control MSI mask register
> xen/MSI-X: limit error messages
> xen/MSI: don't open-code pass-through of enable bit modifications
> xen/pt: consolidate PM capability emu_mask
> xen/pt: correctly handle PM status bit
> xen/pt: split out calculation of throughable mask in PCI config space handling
> xen/pt: mark all PCIe capability bits read-only
> xen/pt: mark reserved bits in PCI config space fields
> xen/pt: add a few PCI config space field descriptions
> xen/pt: unknown PCI config space fields should be read-only
>
>  hw/pci/msi.c                |   4 -
>  hw/xen/xen_pt.c             |  51 +++++++++-
>  hw/xen/xen_pt.h             |   7 +-
>  hw/xen/xen_pt_config_init.c | 235 ++++++++++++++++++++++++++++---------------
>  hw/xen/xen_pt_msi.c         |  12 ++-
>  include/hw/pci/pci_regs.h   |   2 +
>  6 files changed, 217 insertions(+), 94 deletions(-)
>
>
> Cheers,
>
> Stefano
>