xen/pt: unknown PCI config space fields should be read-only

... by default. Add a per-device "permissive" mode similar to pciback's to allow restoring previous behavior (and hence break security again, i.e. should be used only for trusted guests). This is part of XSA-131. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>)
author: Jan Beulich <jbeulich@suse.com> 2015-06-02 15:07:01 +0000
committer: Stefano Stabellini <stefano.stabellini@eu.citrix.com> 2015-06-02 15:07:01 +0000
commit: c25bbf1545a53ac051f9e51d4140e397660c10ae (patch)
tree: 432c6332cb6fc1f64ebbf1210218cdfc060bc63f /hw/xen/xen_pt_config_init.c
parent: a88a3f887181605f4487a22bdfb7d87ffafde5d9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 19f926b2cc..f3cf069b60 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -101,6 +101,10 @@ static uint32_t get_throughable_mask(const XenPCIPassthroughState *s,
 {
     uint32_t throughable_mask = ~(reg->emu_mask | reg->ro_mask);
 
+    if (!s->permissive) {
+        throughable_mask &= ~reg->res_mask;
+    }
+
     return throughable_mask & valid_mask;
 }
author	Jan Beulich <jbeulich@suse.com>	2015-06-02 15:07:01 +0000
committer	Stefano Stabellini <stefano.stabellini@eu.citrix.com>	2015-06-02 15:07:01 +0000
commit	c25bbf1545a53ac051f9e51d4140e397660c10ae (patch)
tree	432c6332cb6fc1f64ebbf1210218cdfc060bc63f /hw/xen/xen_pt_config_init.c
parent	a88a3f887181605f4487a22bdfb7d87ffafde5d9 (diff)