XSA-155 and XSA-157 fixes missing from some stable Linux trees

XSA-155 and XSA-157 fixes missing from some stable Linux trees

[Jan Beulich]

Hello,

it's been puzzling me for a while that these fixes, despite having the
necessary Cc, did not make it into (at least) 4.1.y and 3.12.y yet.
Unless there's a specific reason, may I ask for inclusion of

CVE-2015-8550 / XSA-155:

454d5d882c xen: Add RING_COPY_REQUEST()
0f589967a7 xen-netback: don't use last request to determine minimum Tx credit
68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout
1f13d75ccb xen-blkback: only read request operation from shared ring once
1877914910 xen-blkback: read from indirect descriptors only once
be69746ec1 xen-scsiback: safely copy requests
8135cf8b092 xen/pciback: Save xen_pci_op commands before processing it

plus the follow-up fix

d159457b84 xen/pciback: Save the number of MSI-X entries to be copied later.

CVE-2015-8551, CVE-2015-8552 / XSA-157:

56441f3c8e xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
5e0ce1455c xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
a396f3a210 xen/pciback: Do not install an IRQ handler for MSI interrupts.
7cfb905b96 xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
408fb0e5aa xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.

plus the follow-up fix

8d47065f7d xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY

Thanks, Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: XSA-155 and XSA-157 fixes missing from some stable Linux trees

[Jan Beulich]

>>> On 16.03.16 at 10:35, <jslaby@suse.cz> wrote:
> On 03/16/2016, 10:25 AM, Jan Beulich wrote:
>> Hello,
>> 
>> it's been puzzling me for a while that these fixes, despite having the
>> necessary Cc, did not make it into (at least) 4.1.y and 3.12.y yet.
>> Unless there's a specific reason, may I ask for inclusion of
>> 
>> CVE-2015-8550 / XSA-155:
>> 
>> 454d5d882c xen: Add RING_COPY_REQUEST()
>> 0f589967a7 xen-netback: don't use last request to determine minimum Tx credit
> 
> Applied these two to 3.12. W/ slight update of the latter.
> 
>> 68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout
> 
> This does not apply cleanly and needs a backport. So I stopped here.

I'd defer to the maintainers of that code for doing so.

The subsequent ones are independent of this though, so it would
seem possible/reasonable to apply some or all of those that don't
require backports even if the one above doesn't apply cleanly.
Iirc at least the scsiback one might also need a backport, but that
again wouldn't hinder the pciback ones going in.

>> 1f13d75ccb xen-blkback: only read request operation from shared ring once
>> 1877914910 xen-blkback: read from indirect descriptors only once
>> be69746ec1 xen-scsiback: safely copy requests
>> 8135cf8b092 xen/pciback: Save xen_pci_op commands before processing it
>> 
>> plus the follow-up fix
>> 
>> d159457b84 xen/pciback: Save the number of MSI-X entries to be copied later.
> 
> 
> 
>> CVE-2015-8551, CVE-2015-8552 / XSA-157:
> 
> The fixes for this one applied all cleanly, applied to 3.12.

Thanks!

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: XSA-155 and XSA-157 fixes missing from some stable Linux trees

[Jiri Slaby]

On 03/16/2016, 10:25 AM, Jan Beulich wrote:
> Hello,
> 
> it's been puzzling me for a while that these fixes, despite having the
> necessary Cc, did not make it into (at least) 4.1.y and 3.12.y yet.
> Unless there's a specific reason, may I ask for inclusion of
> 
> CVE-2015-8550 / XSA-155:
> 
> 454d5d882c xen: Add RING_COPY_REQUEST()
> 0f589967a7 xen-netback: don't use last request to determine minimum Tx credit

Applied these two to 3.12. W/ slight update of the latter.

> 68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout

This does not apply cleanly and needs a backport. So I stopped here.

> 1f13d75ccb xen-blkback: only read request operation from shared ring once
> 1877914910 xen-blkback: read from indirect descriptors only once
> be69746ec1 xen-scsiback: safely copy requests
> 8135cf8b092 xen/pciback: Save xen_pci_op commands before processing it
> 
> plus the follow-up fix
> 
> d159457b84 xen/pciback: Save the number of MSI-X entries to be copied later.



> CVE-2015-8551, CVE-2015-8552 / XSA-157:

The fixes for this one applied all cleanly, applied to 3.12.

> 56441f3c8e xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
> 5e0ce1455c xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
> a396f3a210 xen/pciback: Do not install an IRQ handler for MSI interrupts.
> 7cfb905b96 xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
> 408fb0e5aa xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
> 
> plus the follow-up fix
> 
> 8d47065f7d xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY

thanks,
-- 
js
suse labs

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel