rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity
beffde47a8
qemu-kvm/kvm-display-bochs-fix-pcie-support.patch
Danilo C. L. de Paula beffde47a8 * Mon Aug 19 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 4.1.0-2.el8 
- kvm-spec-Update-seavgabios-dependency.patch [bz#1725664]
- kvm-pc-Don-t-make-die-id-mandatory-unless-necessary.patch [bz#1741451]
- kvm-display-bochs-fix-pcie-support.patch [bz#1733977 bz#1740692]
- kvm-spapr-Reset-CAS-IRQ-subsystem-after-devices.patch [bz#1733977]
- kvm-spapr-xive-Fix-migration-of-hot-plugged-CPUs.patch [bz#1733977]
- kvm-riscv-roms-Fix-make-rules-for-building-sifive_u-bios.patch [bz#1733977 bz#1740692]
- kvm-Update-version-for-v4.1.0-release.patch [bz#1733977 bz#1740692]
- Resolves: bz#1725664
  (Update seabios dependency)
- Resolves: bz#1733977
  (Qemu core dumped: /home/ngu/qemu/hw/intc/xics_kvm.c:321: ics_kvm_set_irq: Assertion `kernel_xics_fd != -1' failed)
- Resolves: bz#1740692
  (Backport QEMU 4.1.0 rc5 & ga patches)
- Resolves: bz#1741451
  (Failed to hot-plug vcpus)
2019-08-19 15:50:32 +01:00

87 lines
3.2 KiB
Diff
Raw Blame History

From 8ba44c5854ab6e6feac8bc979f07ae241825673d Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Mon, 19 Aug 2019 08:54:15 +0100
Subject: [PATCH 3/7] display/bochs: fix pcie support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <f28bd8b4856b92e01d423efda42ac5530c6cd8be.1566204425.git.mrezanin@redhat.com>
Patchwork-id: 90060
O-Subject: [RHEL-AV-8.1 qemu-kvm PATCH 1/5] display/bochs: fix pcie support
Bugzilla: 1733977 1740692
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Yash Mankad <ymankad@redhat.com>
RH-Acked-by: Danilo de Paula <ddepaula@redhat.com>
From: Gerd Hoffmann <kraxel@redhat.com>
Set QEMU_PCI_CAP_EXPRESS unconditionally in init(), then clear it in
realize() in case the device is not connected to a PCIe bus.
This makes sure the pci config space allocation is big enough, so
accessing the PCIe extended config space doesn't overflow the pci
config space buffer.
PCI(e) config space is guest writable. Writes are limited by
write mask (which probably is also filled with random stuff),
so the guest can only flip enabled bits. But I suspect it
still might be exploitable, so rather serious because it might
be a host escape for the guest. On the other hand the device
is probably not yet in widespread use.
(For a QEMU version without this commit, a mitigation for the
bug is available: use "-device bochs-display" as a conventional pci
device only.)
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190812065221.20907-2-kraxel@redhat.com
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 5e7bcdcfe69ce0fad66012b2cfb2035003c37eef)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
hw/display/bochs-display.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c
index 582133d..8e83b51 100644
--- a/hw/display/bochs-display.c
+++ b/hw/display/bochs-display.c
@@ -297,9 +297,10 @@ static void bochs_display_realize(PCIDevice *dev, Error **errp)
}
if (pci_bus_is_express(pci_get_bus(dev))) {
- dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
ret = pcie_endpoint_cap_init(dev, 0x80);
assert(ret > 0);
+ } else {
+ dev->cap_present &= ~QEMU_PCI_CAP_EXPRESS;
}
memory_region_set_log(&s->vram, true, DIRTY_MEMORY_VGA);
@@ -322,11 +323,15 @@ static void bochs_display_set_big_endian_fb(Object *obj, bool value,
static void bochs_display_init(Object *obj)
{
+ PCIDevice *dev = PCI_DEVICE(obj);
+
/* Expose framebuffer byteorder via QOM */
object_property_add_bool(obj, "big-endian-framebuffer",
bochs_display_get_big_endian_fb,
bochs_display_set_big_endian_fb,
NULL);
+
+ dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
}
static void bochs_display_exit(PCIDevice *dev)
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink