Google Git
Sign in
qemu / qemu / 81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce
commit81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce[log] [tgz]
authorJan Beulich <jbeulich@suse.com>Tue Mar 31 15:18:03 2015 +0100
committerPeter Maydell <peter.maydell@linaro.org>Thu Apr 09 23:37:21 2015 +0100
tree32abd64c12c5e0b8da5e524da43bad71095bbda2
parent6a460ed18a3fda0eb2d9c96b8b01817b4dcbded4 [diff]
xen: limit guest control of PCI command register

Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses (by disabling memory and/or I/O decoding
and subsequently causing [CPU side] accesses to the respective address
ranges), which (depending on system configuration) may be fatal to the
host.

This is CVE-2015-2756 / XSA-126.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Message-id: alpine.DEB.2.02.1503311510300.7690@kaball.uk.xensource.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 files changed
tree: 32abd64c12c5e0b8da5e524da43bad71095bbda2
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. libdecnumber/
  15. linux-headers/
  16. linux-user/
  17. migration/
  18. net/
  19. pc-bios/
  20. po/
  21. qapi/
  22. qga/
  23. qobject/
  24. qom/
  25. roms/
  26. scripts/
  27. slirp/
  28. stubs/
  29. sysconfigs/
  30. target-alpha/
  31. target-arm/
  32. target-cris/
  33. target-i386/
  34. target-lm32/
  35. target-m68k/
  36. target-microblaze/
  37. target-mips/
  38. target-moxie/
  39. target-openrisc/
  40. target-ppc/
  41. target-s390x/
  42. target-sh4/
  43. target-sparc/
  44. target-tricore/
  45. target-unicore32/
  46. target-xtensa/
  47. tcg/
  48. tests/
  49. trace/
  50. ui/
  51. util/
  52. dtc
  53. pixman
  54. .exrc
  55. .gitignore
  56. .gitmodules
  57. .mailmap
  58. .travis.yml
  59. accel.c
  60. aio-posix.c
  61. aio-win32.c
  62. arch_init.c
  63. async.c
  64. balloon.c
  65. block.c
  66. blockdev-nbd.c
  67. blockdev.c
  68. blockjob.c
  69. bootdevice.c
  70. bt-host.c
  71. bt-vhci.c
  72. Changelog
  73. CODING_STYLE
  74. configure
  75. COPYING
  76. COPYING.LIB
  77. coroutine-gthread.c
  78. coroutine-sigaltstack.c
  79. coroutine-ucontext.c
  80. coroutine-win32.c
  81. cpu-exec.c
  82. cpus.c
  83. cputlb.c
  84. device-hotplug.c
  85. device_tree.c
  86. disas.c
  87. dma-helpers.c
  88. dump.c
  89. exec.c
  90. gdbstub.c
  91. HACKING
  92. hmp-commands.hx
  93. hmp.c
  94. hmp.h
  95. iohandler.c
  96. ioport.c
  97. iothread.c
  98. kvm-all.c
  99. kvm-stub.c
  100. LICENSE
  101. main-loop.c
  102. MAINTAINERS
  103. Makefile
  104. Makefile.objs
  105. Makefile.target
  106. memory.c
  107. memory_mapping.c
  108. module-common.c
  109. monitor.c
  110. nbd.c
  111. numa.c
  112. os-posix.c
  113. os-win32.c
  114. page_cache.c
  115. qapi-schema.json
  116. qdev-monitor.c
  117. qdict-test-data.txt
  118. qemu-bridge-helper.c
  119. qemu-char.c
  120. qemu-coroutine-io.c
  121. qemu-coroutine-lock.c
  122. qemu-coroutine-sleep.c
  123. qemu-coroutine.c
  124. qemu-doc.texi
  125. qemu-img-cmds.hx
  126. qemu-img.c
  127. qemu-img.texi
  128. qemu-io-cmds.c
  129. qemu-io.c
  130. qemu-log.c
  131. qemu-nbd.c
  132. qemu-nbd.texi
  133. qemu-options-wrapper.h
  134. qemu-options.h
  135. qemu-options.hx
  136. qemu-seccomp.c
  137. qemu-tech.texi
  138. qemu-timer.c
  139. qemu.nsi
  140. qemu.sasl
  141. qjson.c
  142. qmp-commands.hx
  143. qmp.c
  144. qtest.c
  145. README
  146. rules.mak
  147. savevm.c
  148. softmmu_template.h
  149. spice-qemu-char.c
  150. tcg-runtime.c
  151. tci.c
  152. thread-pool.c
  153. thunk.c
  154. tpm.c
  155. trace-events
  156. translate-all.c
  157. translate-all.h
  158. user-exec.c
  159. VERSION
  160. version.rc
  161. vl.c
  162. xen-common-stub.c
  163. xen-common.c
  164. xen-hvm-stub.c
  165. xen-hvm.c
  166. xen-mapcache.c