xen-pciback: limit guest control of command register

Otherwise the guest can abuse that control to cause e.g. PCIe Unsupported Request responses by disabling memory and/or I/O decoding and subsequently causing (CPU side) accesses to the respective address ranges, which (depending on system configuration) may be fatal to the host. Note that to alter any of the bits collected together as PCI_COMMAND_GUEST permissive mode is now required to be enabled globally or on the specific device. This is CVE-2015-2150 / XSA-120. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
author: Jan Beulich <JBeulich@suse.com> 2015-03-11 13:51:17 +0000
committer: David Vrabel <david.vrabel@citrix.com> 2015-03-11 14:34:40 +0000
commit: af6fc858a35b90e89ea7a7ee58e66628c55c776b (patch)
tree: 5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a /drivers/xen/xen-pciback/conf_space.c
parent: 85e40b0539b24518c8bdf63e2605c8522377d00f (diff)
download: linux-af6fc858a35b90e89ea7a7ee58e66628c55c776b.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/xen/xen-pciback/conf_space.c b/drivers/xen/xen-pciback/conf_space.c
index 46ae0f9f02ad..75fe3d466515 100644
--- a/drivers/xen/xen-pciback/conf_space.c
+++ b/drivers/xen/xen-pciback/conf_space.c
@@ -16,7 +16,7 @@
 #include "conf_space.h"
 #include "conf_space_quirks.h"
 
-static bool permissive;
+bool permissive;
 module_param(permissive, bool, 0644);
 
 /* This is where xen_pcibk_read_config_byte, xen_pcibk_read_config_word,
author	Jan Beulich <JBeulich@suse.com>	2015-03-11 13:51:17 +0000
committer	David Vrabel <david.vrabel@citrix.com>	2015-03-11 14:34:40 +0000
commit	af6fc858a35b90e89ea7a7ee58e66628c55c776b (patch)
tree	5c794dd0eaf6b82cb5b46a05de14f77b41bb7b8a /drivers/xen/xen-pciback/conf_space.c
parent	85e40b0539b24518c8bdf63e2605c8522377d00f (diff)
download	linux-af6fc858a35b90e89ea7a7ee58e66628c55c776b.tar.bz2