1 files changed, 0 insertions, 122 deletions

diff --git a/sysutils/xen-tools/files/xsa131-qemuu-8.patch b/sysutils/xen-tools/files/xsa131-qemuu-8.patch
deleted file mode 100644
index 9537baf27d50..000000000000
--- a/sysutils/xen-tools/files/xsa131-qemuu-8.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-xen/pt: unknown PCI config space fields should be read-only
-
-... by default. Add a per-device "permissive" mode similar to pciback's
-to allow restoring previous behavior (and hence break security again,
-i.e. should be used only for trusted guests).
-
-This is part of XSA-131.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>)
----
-Notes:
-- What purpose does xen_pt_header_type_reg_init() serve (with .emu_mask
-  being zero)?
-- In the qemu-trad case no equivalent logic to that setting/using
-  direct_pci_{msi_translate,power_mgmt} is being added, as that logic
-  seems broken (setting globals from device 0 xenstore settings).
-
---- a/hw/xen/xen_pt.c
-+++ b/hw/xen/xen_pt.c
-@@ -239,6 +239,7 @@ static void xen_pt_pci_write_config(PCID
-     XenPTReg *reg_entry = NULL;
-     uint32_t find_addr = addr;
-     XenPTRegInfo *reg = NULL;
-+    bool wp_flag = false;
- 
-     if (xen_pt_pci_config_access_check(d, addr, len)) {
-         return;
-@@ -280,6 +281,10 @@ static void xen_pt_pci_write_config(PCID
- 
-     /* pass directly to the real device for passthrough type register group */
-     if (reg_grp_entry == NULL) {
-+        if (!s->permissive) {
-+            wb_mask = 0;
-+            wp_flag = true;
-+        }
-         goto out;
-     }
- 
-@@ -300,12 +305,15 @@ static void xen_pt_pci_write_config(PCID
-             uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
-             uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
-             uint8_t *ptr_val = NULL;
-+            uint32_t wp_mask = reg->emu_mask | reg->ro_mask;
- 
-             valid_mask <<= (find_addr - real_offset) << 3;
-             ptr_val = (uint8_t *)&val + (real_offset & 3);
--            if (reg->emu_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3))) {
--                wb_mask &= ~((reg->emu_mask
--                              >> ((find_addr - real_offset) << 3))
-+            if (!s->permissive) {
-+                wp_mask |= reg->res_mask;
-+            }
-+            if (wp_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3))) {
-+                wb_mask &= ~((wp_mask >> ((find_addr - real_offset) << 3))
-                              << ((len - emul_len) << 3));
-             }
- 
-@@ -349,6 +357,16 @@ static void xen_pt_pci_write_config(PCID
-         } else {
-             /* nothing to do with passthrough type register,
-              * continue to find next byte */
-+            if (!s->permissive) {
-+                wb_mask &= ~(0xff << ((len - emul_len) << 3));
-+                /* Unused BARs will make it here, but we don't want to issue
-+                 * warnings for writes to them (bogus writes get dealt with
-+                 * above).
-+                 */
-+                if (index < 0) {
-+                    wp_flag = true;
-+                }
-+            }
-             emul_len--;
-             find_addr++;
-         }
-@@ -360,6 +378,13 @@ static void xen_pt_pci_write_config(PCID
-     memory_region_transaction_commit();
- 
- out:
-+    if (wp_flag && !s->permissive_warned) {
-+        s->permissive_warned = true;
-+        xen_pt_log(d, "Write-back to unknown field 0x%02x (partially) inhibited (0x%0*x)\n",
-+                   addr, len * 2, wb_mask);
-+        xen_pt_log(d, "If the device doesn't work, try enabling permissive mode\n");
-+        xen_pt_log(d, "(unsafe) and if it helps report the problem to xen-devel\n");
-+    }
-     for (index = 0; wb_mask; index += len) {
-         /* unknown regs are passed through */
-         while (!(wb_mask & 0xff)) {
-@@ -821,6 +846,7 @@ static void xen_pt_unregister_device(PCI
- 
- static Property xen_pci_passthrough_properties[] = {
-     DEFINE_PROP_PCI_HOST_DEVADDR("hostaddr", XenPCIPassthroughState, hostaddr),
-+    DEFINE_PROP_BOOL("permissive", XenPCIPassthroughState, permissive, false),
-     DEFINE_PROP_END_OF_LIST(),
- };
- 
---- a/hw/xen/xen_pt.h
-+++ b/hw/xen/xen_pt.h
-@@ -197,6 +197,8 @@ struct XenPCIPassthroughState {
- 
-     PCIHostDeviceAddress hostaddr;
-     bool is_virtfn;
-+    bool permissive;
-+    bool permissive_warned;
-     XenHostPCIDevice real_device;
-     XenPTRegion bases[PCI_NUM_REGIONS]; /* Access regions */
-     QLIST_HEAD(, XenPTRegGroup) reg_grps;
---- a/hw/xen/xen_pt_config_init.c
-+++ b/hw/xen/xen_pt_config_init.c
-@@ -101,6 +101,10 @@ static uint32_t get_throughable_mask(con
- {
-     uint32_t throughable_mask = ~(reg->emu_mask | reg->ro_mask);
- 
-+    if (!s->permissive) {
-+        throughable_mask &= ~reg->res_mask;
-+    }
-+
-     return throughable_mask & valid_mask;
- }
-