xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, xen-devel@lists.xensource.com,
	Jan Beulich <jbeulich@suse.com>,
	Stefano.Stabellini@eu.citrix.com
Subject: [PULL 04/11] xen/MSI: don't open-code pass-through of enable bit modifications
Date: Tue, 2 Jun 2015 16:40:21 +0100	[thread overview]
Message-ID: <1433259628-4611-4-git-send-email-stefano.stabellini@eu.citrix.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1506021633010.19838@kaball.uk.xensource.com>

From: Jan Beulich <jbeulich@suse.com>

Without this the actual XSA-131 fix would cause the enable bit to not
get set anymore (due to the write back getting suppressed there based
on the OR of emu_mask, ro_mask, and res_mask).

Note that the fiddling with the enable bit shouldn't really be done by
qemu, but making this work right (via libxc and the hypervisor) will
require more extensive changes, which can be postponed until after the
security issue got addressed.

This is a preparatory patch for XSA-131.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
 hw/xen/xen_pt_config_init.c |   10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 68b8f22..436d0fd 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -1053,7 +1053,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
     XenPTMSI *msi = s->msi;
     uint16_t writable_mask = 0;
     uint16_t throughable_mask = 0;
-    uint16_t raw_val;
 
     /* Currently no support for multi-vector */
     if (*val & PCI_MSI_FLAGS_QSIZE) {
@@ -1066,12 +1065,11 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
     msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
 
     /* create value for writing to I/O device register */
-    raw_val = *val;
     throughable_mask = ~reg->emu_mask & valid_mask;
     *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
 
     /* update MSI */
-    if (raw_val & PCI_MSI_FLAGS_ENABLE) {
+    if (*val & PCI_MSI_FLAGS_ENABLE) {
         /* setup MSI pirq for the first time */
         if (!msi->initialized) {
             /* Init physical one */
@@ -1099,10 +1097,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
         xen_pt_msi_disable(s);
     }
 
-    /* pass through MSI_ENABLE bit */
-    *val &= ~PCI_MSI_FLAGS_ENABLE;
-    *val |= raw_val & PCI_MSI_FLAGS_ENABLE;
-
     return 0;
 }
 
@@ -1301,7 +1295,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
         .size       = 2,
         .init_val   = 0x0000,
         .ro_mask    = 0xFF8E,
-        .emu_mask   = 0x017F,
+        .emu_mask   = 0x017E,
         .init       = xen_pt_msgctrl_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
         .u.w.write  = xen_pt_msgctrl_reg_write,
-- 
1.7.10.4

  parent reply	other threads:[~2015-06-02 15:40 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-02 15:39 [PULL 0/11] Xen PCI Passthrough security fixes Stefano Stabellini
2015-06-02 15:40 ` [PULL 01/11] xen: properly gate host writes of modified PCI CFG contents Stefano Stabellini
2015-06-02 15:40 ` [PULL 02/11] xen: don't allow guest to control MSI mask register Stefano Stabellini
2015-06-02 15:40 ` [PULL 03/11] xen/MSI-X: limit error messages Stefano Stabellini
2015-06-02 15:40 ` Stefano Stabellini [this message]
2015-06-02 15:40 ` [PULL 05/11] xen/pt: consolidate PM capability emu_mask Stefano Stabellini
2015-06-02 15:40 ` [PULL 06/11] xen/pt: correctly handle PM status bit Stefano Stabellini
2015-06-02 15:40 ` [PULL 07/11] xen/pt: split out calculation of throughable mask in PCI config space handling Stefano Stabellini
2015-06-02 15:40 ` [PULL 08/11] xen/pt: mark all PCIe capability bits read-only Stefano Stabellini
2015-06-02 15:40 ` [PULL 09/11] xen/pt: mark reserved bits in PCI config space fields Stefano Stabellini
2015-06-02 15:40 ` [PULL 10/11] xen/pt: add a few PCI config space field descriptions Stefano Stabellini
2015-06-02 15:40 ` [PULL 11/11] xen/pt: unknown PCI config space fields should be read-only Stefano Stabellini
2015-06-02 16:43 ` [PULL 0/11] Xen PCI Passthrough security fixes Peter Maydell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1433259628-4611-4-git-send-email-stefano.stabellini@eu.citrix.com \
    --to=stefano.stabellini@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).