From: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
Date: Mon, 23 Jan 2017 13:37:10 +0000 (+0530)
Subject: util: Forbid resetting non-endpoint devices
X-Git-Tag: CVE-2017-2635~252
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd12889616c552a72ae4704f0e0d53cc6d9e7392;p=thirdparty%2Flibvirt.git

util: Forbid resetting non-endpoint devices

It is destructive to attempt reset on a pci- or cardbus-bridge, the
host can crash.  The bridges won't contain any guest data and neither
they can be passed through using vfio/stub.  So, no point in allowing a
reset on them.

Signed-off-by: Shivaprasad G Bhat <sbhat@linux.vnet.ibm.com>
---

diff --git a/src/util/virpci.c b/src/util/virpci.c
index 0601f496f5..3c1e13b6a5 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -933,6 +933,18 @@ virPCIDeviceReset(virPCIDevicePtr dev,
     char *drvName = NULL;
     int ret = -1;
     int fd = -1;
+    int hdrType = -1;
+
+    if (virPCIGetHeaderType(dev, &hdrType) < 0)
+        return -1;
+
+    if (hdrType != VIR_PCI_HEADER_ENDPOINT) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Invalid attempt to reset PCI device %s. "
+                         "Only PCI endpoint devices can be reset"),
+                       dev->name);
+        return -1;
+    }
 
     if (activeDevs && virPCIDeviceListFind(activeDevs, dev)) {
         virReportError(VIR_ERR_INTERNAL_ERROR,