xen: add XSA-33 patch

1 files changed, 21 insertions, 0 deletions

diff --git a/main/xen/xsa33-4.2-unstable.patch b/main/xen/xsa33-4.2-unstable.patch
new file mode 100644
index 000000000..369d65bba
--- /dev/null
+++ b/main/xen/xsa33-4.2-unstable.patch
@@ -0,0 +1,21 @@
+VT-d: fix interrupt remapping source validation for devices behind
+legacy bridges
+
+Using SVT_VERIFY_BUS here doesn't make sense; native Linux also
+uses SVT_VERIFY_SID_SQ here instead.
+
+This is XSA-33 / CVE-2012-5634.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -466,7 +466,7 @@ static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire)
+                 set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+                             (bus << 8) | pdev->bus);
+             else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
+-                set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
++                set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+                             PCI_BDF2(bus, devfn));
+         }
+         break;