diff options
| author | Jan Beulich <JBeulich@suse.com> | 2015-03-11 16:51:17 +0300 |
|---|---|---|
| committer | David Vrabel <david.vrabel@citrix.com> | 2015-03-11 17:34:40 +0300 |
| commit | af6fc858a35b90e89ea7a7ee58e66628c55c776b (patch) | |
| tree | 5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a /drivers/xen/xen-pciback/conf_space.c | |
| parent | 85e40b0539b24518c8bdf63e2605c8522377d00f (diff) | |
xen-pciback: limit guest control of command register
Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses by disabling memory and/or I/O decoding
and subsequently causing (CPU side) accesses to the respective address
ranges, which (depending on system configuration) may be fatal to the
host.
Note that to alter any of the bits collected together as
PCI_COMMAND_GUEST permissive mode is now required to be enabled
globally or on the specific device.
This is CVE-2015-2150 / XSA-120.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Diffstat (limited to 'drivers/xen/xen-pciback/conf_space.c')
| -rw-r--r-- | drivers/xen/xen-pciback/conf_space.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/xen/xen-pciback/conf_space.c b/drivers/xen/xen-pciback/conf_space.c index 46ae0f9f02ad..75fe3d466515 100644 --- a/drivers/xen/xen-pciback/conf_space.c +++ b/drivers/xen/xen-pciback/conf_space.c @@ -16,7 +16,7 @@ #include "conf_space.h" #include "conf_space_quirks.h" -static bool permissive; +bool permissive; module_param(permissive, bool, 0644); /* This is where xen_pcibk_read_config_byte, xen_pcibk_read_config_word, |