linux/drivers/xen
Jan Beulich 1c33522995 xen-pciback: limit guest control of command register
commit af6fc858a3 upstream.

Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses by disabling memory and/or I/O decoding
and subsequently causing (CPU side) accesses to the respective address
ranges, which (depending on system configuration) may be fatal to the
host.

Note that to alter any of the bits collected together as
PCI_COMMAND_GUEST permissive mode is now required to be enabled
globally or on the specific device.

This is CVE-2015-2150 / XSA-120.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-03-26 15:00:59 +01:00
xen-pciback xen-pciback: limit guest control of command register 2015-03-26 15:00:59 +01:00
xenbus xenbus_client.c: correct exit path for xenbus_map_ring_valloc_hvm 2013-05-29 15:24:55 -04:00
xenfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
acpi.c
balloon.c xen: Fixed assignment error in if statement 2013-05-20 14:14:48 -04:00
biomerge.c
cpu_hotplug.c Xen: properly bound buffer access when parsing cpu/*/availability 2013-01-15 15:57:02 -05:00
dbgp.c xen: dbgp: Fix warning when CONFIG_PCI is not enabled. 2012-10-19 15:19:37 -04:00
events.c xen/events: mask events when changing their VCPU binding 2013-08-29 09:47:35 -07:00
evtchn.c xen/evtchn: avoid a deadlock when unbinding an event channel 2013-08-04 16:51:15 +08:00
fallback.c xen-pciback: notify hypervisor about devices intended to be assigned to guests 2013-03-22 10:20:55 -04:00
features.c
gntalloc.c mm: kill vma flag VM_RESERVED and mm->reserved_vm counter 2012-10-09 16:22:19 +09:00
gntdev.c xen/gntdev: remove erronous use of copy_to_user 2013-01-15 16:02:40 -05:00
grant-table.c xen/gnttab: leave lazy MMU mode in the case of a m2p override failure 2013-12-11 22:36:27 -08:00
Kconfig xen/tmem: Remove the usage of '[no|]selfballoon' and use 'tmem.selfballooning' bool instead. 2013-05-15 10:27:49 -04:00
Makefile xen/acpi: ACPI cpu hotplug 2013-02-19 22:02:29 -05:00
manage.c
mcelog.c
pci.c
pcpu.c Features: 2013-02-24 16:18:31 -08:00
platform-pci.c Drivers: xen: remove __dev* attributes. 2013-01-03 15:57:01 -08:00
privcmd.c xen/privcmd: fix condition in privcmd_close() 2013-05-15 10:23:40 -04:00
privcmd.h
swiotlb-xen.c Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" 2015-01-29 17:40:57 -08:00
sys-hypervisor.c xen: sysfs: fix build warning. 2012-10-19 15:17:51 -04:00
tmem.c xen/tmem: Don't over-write tmem_frontswap_poolid after tmem_frontswap_init set it. 2013-06-10 10:14:33 -04:00
xen-acpi-cpuhotplug.c xen/acpi: xen cpu hotplug minor updates 2013-02-25 07:44:29 -05:00
xen-acpi-memhotplug.c xen/acpi: xen memory hotplug minor updates 2013-02-25 07:44:21 -05:00
xen-acpi-pad.c ACPI: Remove useless type argument of driver .remove() operation 2013-01-26 00:37:24 +01:00
xen-acpi-processor.c xen: resolve section mismatch warnings in xen-acpi-processor 2013-04-19 10:44:23 -04:00
xen-balloon.c
xen-selfballoon.c xen/tmem: Don't use self[ballooning|shrinking] if frontswap is off. 2013-05-15 10:27:50 -04:00
xen-stub.c xen/acpi: remove redundant acpi/acpi_drivers.h include 2013-03-11 13:53:02 -04:00
xencomm.c