xen-pciback: limit guest control of command register
authorJan Beulich <JBeulich@suse.com>
Wed, 11 Mar 2015 13:51:17 +0000 (13:51 +0000)
committerDavid Vrabel <david.vrabel@citrix.com>
Wed, 11 Mar 2015 14:34:40 +0000 (14:34 +0000)
commitaf6fc858a35b90e89ea7a7ee58e66628c55c776b
tree5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a
parent85e40b0539b24518c8bdf63e2605c8522377d00f
xen-pciback: limit guest control of command register

Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses by disabling memory and/or I/O decoding
and subsequently causing (CPU side) accesses to the respective address
ranges, which (depending on system configuration) may be fatal to the
host.

Note that to alter any of the bits collected together as
PCI_COMMAND_GUEST permissive mode is now required to be enabled
globally or on the specific device.

This is CVE-2015-2150 / XSA-120.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
drivers/xen/xen-pciback/conf_space.c
drivers/xen/xen-pciback/conf_space.h
drivers/xen/xen-pciback/conf_space_header.c