[PATCH 1/1] [CVE-2012-1601] [HARDY] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
Tim Gardner
tim.gardner at canonical.com
Wed Apr 25 19:19:40 UTC 2012
On 04/25/2012 01:11 PM, Brad Figg wrote:
> On 04/25/2012 12:05 PM, Tim Gardner wrote:
>> On 04/25/2012 11:53 AM, Brad Figg wrote:
>>> From: Avi Kivity <avi at redhat.com>
>>>
>>> CVE-2012-1601
>>>
>>> BugLink: http://bugs.launchpad.net/bugs/971685
>>>
>>> If some vcpus are created before KVM_CREATE_IRQCHIP, then
>>> irqchip_in_kernel() and vcpu->arch.apic will be inconsistent, leading
>>> to potential NULL pointer dereferences.
>>>
>>> Fix by:
>>> - ensuring that no vcpus are installed when KVM_CREATE_IRQCHIP is called
>>> - ensuring that a vcpu has an apic if it is installed after KVM_CREATE_IRQCHIP
>>>
>>> This is somewhat long winded because vcpu->arch.apic is created without
>>> kvm->lock held.
>>>
>>> Based on earlier patch by Michael Ellerman.
>>>
>>> Signed-off-by: Michael Ellerman <michael at ellerman.id.au>
>>> Signed-off-by: Avi Kivity <avi at redhat.com>
>>> (backported from commit 3e515705a1f46beb1c942bb8043c16f8ac7b1e9e upstream)
>>> Signed-off-by: Brad Figg <brad.figg at canonical.com>
>>> ---
>>> arch/x86/kvm/x86.c | 9 +++++++++
>>> include/linux/kvm_host.h | 2 ++
>>> virt/kvm/kvm_main.c | 5 +++++
>>> 3 files changed, 16 insertions(+)
>>>
>>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>>> index 2085040..f036054 100644
>>> --- a/arch/x86/kvm/x86.c
>>> +++ b/arch/x86/kvm/x86.c
>>> @@ -1582,6 +1582,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
>>> break;
>>> }
>>> case KVM_CREATE_IRQCHIP:
>>> + r = -EINVAL;
>>> + if (atomic_read(&kvm->online_vcpus))
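Review bot: the quoted hunk ends at the `if (atomic_read(&kvm->online_vcpus))` line, so the body of the check (presumably a `goto out` that returns the `r = -EINVAL` set just above it) is not visible here and cannot be reviewed. More importantly, this check only closes the race the commit message describes if the `online_vcpus` counter is incremented under `kvm->lock` before a new vcpu becomes visible; the diffstat shows 2 lines added to include/linux/kvm_host.h and 5 to virt/kvm/kvm_main.c, which is where that counter and its increment would live in a backport to this tree, but those hunks are not quoted, so please confirm in the full patch that the increment in vcpu creation takes `kvm->lock` (or otherwise orders against this ioctl), and that the second half of the fix ("ensuring that a vcpu has an apic if it is installed after KVM_CREATE_IRQCHIP") is covered by the kvm_main.c hunk rather than only by this one.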
>
> Use here
Ah, missed that.
I await the updates for openvz and xen. Not sure if xen would be used,
but openvz likely is.
rtg
--
Tim Gardner tim.gardner at canonical.com