git.itanic.dy.fi Git - linux-stable/commit

author	Jan Beulich <JBeulich@suse.com>
	Wed, 11 Mar 2015 13:51:17 +0000 (13:51 +0000)
committer	Sasha Levin <sasha.levin@oracle.com>
	Sat, 28 Mar 2015 14:00:58 +0000 (10:00 -0400)
commit	c7fd1867c7d0626bf00373cec0f64b0ce4f4ec84
tree	9d5e1bd3214090c9c5dd2df7f43d4a6ad44be92c	tree \| snapshot
parent	72c7a8558c74d6162126547f1a89e54d94dcd86f	commit \| diff

xen-pciback: limit guest control of command register

[ Upstream commit af6fc858a35b90e89ea7a7ee58e66628c55c776b ]

Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses by disabling memory and/or I/O decoding
and subsequently causing (CPU side) accesses to the respective address
ranges, which (depending on system configuration) may be fatal to the
host.

Note that to alter any of the bits collected together as
PCI_COMMAND_GUEST permissive mode is now required to be enabled
globally or on the specific device.

This is CVE-2015-2150 / XSA-120.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>

drivers/xen/xen-pciback/conf_space.c		diff \| blob \| history
drivers/xen/xen-pciback/conf_space.h		diff \| blob \| history
drivers/xen/xen-pciback/conf_space_header.c		diff \| blob \| history