git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jan Beulich <JBeulich@suse.com>
	Wed, 11 Mar 2015 13:51:17 +0000 (13:51 +0000)
committer	Jiri Slaby <jslaby@suse.cz>
	Thu, 9 Apr 2015 11:14:14 +0000 (13:14 +0200)
commit	f82a9cff66e3158a3f86706ff55feba2b22ec8cb
tree	ae67d2540ccc28591c18fcf2b073279f89a6f543	tree
parent	bb025b7b02ffd75ce0ba0d81cf8a8e27d591c97f	commit \| diff

xen-pciback: limit guest control of command register

commit af6fc858a35b90e89ea7a7ee58e66628c55c776b upstream.

Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses by disabling memory and/or I/O decoding
and subsequently causing (CPU side) accesses to the respective address
ranges, which (depending on system configuration) may be fatal to the
host.

Note that to alter any of the bits collected together as
PCI_COMMAND_GUEST permissive mode is now required to be enabled
globally or on the specific device.

This is CVE-2015-2150 / XSA-120.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

drivers/xen/xen-pciback/conf_space.c		diff \| blob \| blame \| history
drivers/xen/xen-pciback/conf_space.h		diff \| blob \| blame \| history
drivers/xen/xen-pciback/conf_space_header.c		diff \| blob \| blame \| history