CVE-2024-58006

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/02/2025
Last modified:
27/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()

In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically changing the backing physical address of a BAR that was already configured.

This means that set_bar() can be called twice, without ever calling clear_bar() (as calling clear_bar() would clear the BAR's PCI address assigned by the host).

This can only be done if the new BAR size/flags does not differ from the existing BAR configuration. Add these missing checks.

If we allow set_bar() to set e.g. a new BAR size that differs from the existing BAR size, the new address translation range will be smaller than the BAR size already determined by the host, which would mean that a read past the new BAR size would pass the iATU untranslated, which could allow the host to read memory not belonging to the new struct pci_epf_bar.

While at it, add comments which clarify the support for dynamically changing the physical address of a BAR. (Which was also missing.)
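The check described above, as an added user-space model in C; it is not the kernel patch or code from this advisory. The `model_*` names, the struct layout and the sample values are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODEL_NUM_BARS 6            /* a type 0 PCI header has BAR0..BAR5 */

/* Hypothetical stand-in for struct pci_epf_bar; only the fields needed here. */
struct model_bar {
    uint64_t phys_addr;             /* backing address on the endpoint side */
    size_t   size;                  /* size the host sized the BAR to */
    int      flags;                 /* memory/IO, 32/64-bit, prefetchable */
};

/* Hypothetical controller state: what is currently programmed per BAR. */
struct model_ep {
    struct model_bar cur[MODEL_NUM_BARS];
    int configured[MODEL_NUM_BARS];
};

/* Returns 0 on success, -EINVAL if a reconfiguration would change size/flags. */
int model_set_bar(struct model_ep *ep, unsigned int barno,
                  const struct model_bar *new_bar)
{
    if (barno >= MODEL_NUM_BARS || new_bar->size == 0)
        return -EINVAL;

    if (ep->configured[barno]) {
        /* Second set_bar() without clear_bar(): only the address may move. */
        if (ep->cur[barno].size != new_bar->size ||
            ep->cur[barno].flags != new_bar->flags)
            return -EINVAL;
        ep->cur[barno].phys_addr = new_bar->phys_addr;
        return 0;
    }

    ep->cur[barno] = *new_bar;      /* first configuration of this BAR */
    ep->configured[barno] = 1;
    return 0;
}

/* Bytes of the host-visible BAR that a smaller inbound window would leave
 * untranslated; non-zero is the exposure the commit message describes. */
size_t model_untranslated_bytes(size_t host_bar_size, size_t win_size)
{
    return win_size < host_bar_size ? host_bar_size - win_size : 0;
}
```

In the model, a repeated call that only moves `phys_addr` succeeds, while one that shrinks the size or alters the flags is rejected and the stored configuration is left unchanged.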

Impact