From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46170) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YgXrj-0000Uw-Gz for qemu-devel@nongnu.org; Fri, 10 Apr 2015 08:16:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YgXrd-0002ir-UJ for qemu-devel@nongnu.org; Fri, 10 Apr 2015 08:16:55 -0400
Received: from mail-ie0-f177.google.com ([209.85.223.177]:33524) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YgXrd-0002ie-QJ for qemu-devel@nongnu.org; Fri, 10 Apr 2015 08:16:49 -0400
Received: by iebmp1 with SMTP id mp1so15225901ieb.0 for ; Fri, 10 Apr 2015 05:16:49 -0700 (PDT)
MIME-Version: 1.0
From: Peter Maydell
Date: Fri, 10 Apr 2015 12:45:23 +0100
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Qemu-devel] [PATCH][XSA-126] xen: limit guest control of PCI command register
To: Stefano Stabellini
Cc: Petr Matousek , QEMU Developers , "Michael S. Tsirkin"

On 9 April 2015 at 19:10, Peter Maydell wrote:
> On 31 March 2015 at 15:18, Stefano Stabellini
> wrote:
>> From: Jan Beulich
>>
>> Otherwise the guest can abuse that control to cause e.g. PCIe
>> Unsupported Request responses (by disabling memory and/or I/O decoding
>> and subsequently causing [CPU side] accesses to the respective address
>> ranges), which (depending on system configuration) may be fatal to the
>> host.
>>
>> This is CVE-2015-2756 / XSA-126.
>>
>> Signed-off-by: Jan Beulich
>> Reviewed-by: Stefano Stabellini
>> Acked-by: Ian Campbell
>
> Oops, this one got lost. I'm going to commit it to qemu master tomorrow
> (so it will go in -rc3), unless there are objections (I can't
> really tell from the thread what the conclusion of the discussion
> was).

Committed.

-- PMM