Hi all, the following is a collection of QEMU security fixes for PCI Passthrough on Xen. Non-Xen usages of QEMU are unaffected.
Although the CVEs have already been made public, given the large amount of changes, I decided not to send a pull request without giving the QEMU community a chance to comment on the patches first. Each patch has a detailed description of what it is trying to fix. You can also cross-reference the CVE numbers.

Jan Beulich (11):
      xen: properly gate host writes of modified PCI CFG contents
      xen: don't allow guest to control MSI mask register
      xen/MSI-X: limit error messages
      xen/MSI: don't open-code pass-through of enable bit modifications
      xen/pt: consolidate PM capability emu_mask
      xen/pt: correctly handle PM status bit
      xen/pt: split out calculation of throughable mask in PCI config space handling
      xen/pt: mark all PCIe capability bits read-only
      xen/pt: mark reserved bits in PCI config space fields
      xen/pt: add a few PCI config space field descriptions
      xen/pt: unknown PCI config space fields should be read-only

 hw/pci/msi.c                |   4 -
 hw/xen/xen_pt.c             |  51 +++++++++-
 hw/xen/xen_pt.h             |   7 +-
 hw/xen/xen_pt_config_init.c | 235 ++++++++++++++++++++++++++++---------------
 hw/xen/xen_pt_msi.c         |  12 ++-
 include/hw/pci/pci_regs.h   |   2 +
 6 files changed, 217 insertions(+), 94 deletions(-)

Cheers,

Stefano