1 files changed, 33 insertions, 0 deletions

diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch
new file mode 100644
index 0000000000..e28a491689
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch
@@ -0,0 +1,33 @@
+From 45ebe3916ab16f859ed930e92fbd52d84d5dcdaf Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: mark all PCIe capability bits read-only
+
+xen_pt_emu_reg_pcie[]'s PCI_EXP_DEVCAP needs to cover all bits as read-
+only to avoid unintended write-back (just a precaution, the field ought
+to be read-only in hardware).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 3833b9e..9f6c00e 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -871,7 +871,7 @@ static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+         .offset     = PCI_EXP_DEVCAP,
+         .size       = 4,
+         .init_val   = 0x00000000,
+-        .ro_mask    = 0x1FFCFFFF,
++        .ro_mask    = 0xFFFFFFFF,
+         .emu_mask   = 0x10000000,
+         .init       = xen_pt_common_reg_init,
+         .u.dw.read  = xen_pt_long_reg_read,
+-- 
+2.2.1
+