xen-pciback: limit guest control of command register Otherwise the guest can abuse that control to cause e.g. PCIe Unsupported Request responses by disabling memory and/or I/O decoding and subsequently causing (CPU side) accesses to the respective address ranges, which (depending on system configuration) may be fatal to the host. Note that to alter any of the bits collected together as PCI_COMMAND_GUEST permissive mode is now required to be enabled globally or on the specific device. This is CVE-2015-2150 / XSA-120. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: David Vrabel <david.vrabel@citrix.com>

commit: af6fc858a35b90e89ea7a7ee58e66628c55c776b [log] [tgz]
author: Jan Beulich <JBeulich@suse.com> Wed Mar 11 13:51:17 2015 +0000
committer: David Vrabel <david.vrabel@citrix.com> Wed Mar 11 14:34:40 2015 +0000
tree: 5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a
parent: 85e40b0539b24518c8bdf63e2605c8522377d00f [diff] [blame]
diff --git a/drivers/xen/xen-pciback/conf_space.h b/drivers/xen/xen-pciback/conf_space.h
index e56c934..2e1d73d 100644
--- a/drivers/xen/xen-pciback/conf_space.h
+++ b/drivers/xen/xen-pciback/conf_space.h

@@ -64,6 +64,8 @@
 	void *data;
 };
 
+extern bool permissive;
+
 #define OFFSET(cfg_entry) ((cfg_entry)->base_offset+(cfg_entry)->field->offset)
 
 /* Add fields to a device - the add_fields macro expects to get a pointer to
commit	af6fc858a35b90e89ea7a7ee58e66628c55c776b	[log] [tgz]
author	Jan Beulich <JBeulich@suse.com>	Wed Mar 11 13:51:17 2015 +0000
committer	David Vrabel <david.vrabel@citrix.com>	Wed Mar 11 14:34:40 2015 +0000
tree	5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a
parent	85e40b0539b24518c8bdf63e2605c8522377d00f [diff] [blame]