xen: limit guest control of PCI command register
Otherwise the guest can abuse that control to cause e.g. PCIe
Unsupported Request responses (by disabling memory and/or I/O decoding
and subsequently causing [CPU side] accesses to the respective address
ranges), which (depending on system configuration) may be fatal to the
host.
This is CVE-2015-2756 / XSA-126.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
(cherry picked from commit
ab42b4408cb4fc4f869d73218e3d2034e6f5e8ac)
(cherry picked from commit
62e41581f69c3fd4a8f829a773015eb4c17f1f3e)
(cherry picked from commit
a03c5a74e1774aeabcda55ecbfb2887027787755)
projects / qemu-xen-4.3-testing.git / commit