[PATCH 1/1] [CVE-2012-1601] [HARDY] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings

Tim Gardner tim.gardner at canonical.com
Wed Apr 25 19:19:40 UTC 2012


On 04/25/2012 01:11 PM, Brad Figg wrote:
> On 04/25/2012 12:05 PM, Tim Gardner wrote:
>> On 04/25/2012 11:53 AM, Brad Figg wrote:
>>> From: Avi Kivity <avi at redhat.com>
>>>
>>> CVE-2012-1601
>>>
>>> BugLink: http://bugs.launchpad.net/bugs/971685
>>>
>>> If some vcpus are created before KVM_CREATE_IRQCHIP, then
>>> irqchip_in_kernel() and vcpu->arch.apic will be inconsistent, leading
>>> to potential NULL pointer dereferences.
>>>
>>> Fix by:
>>> - ensuring that no vcpus are installed when KVM_CREATE_IRQCHIP is called
>>> - ensuring that a vcpu has an apic if it is installed after KVM_CREATE_IRQCHIP
>>>
>>> This is somewhat long winded because vcpu->arch.apic is created without
>>> kvm->lock held.
>>>
>>> Based on earlier patch by Michael Ellerman.
>>>
>>> Signed-off-by: Michael Ellerman <michael at ellerman.id.au>
>>> Signed-off-by: Avi Kivity <avi at redhat.com>
>>> (backported from commit 3e515705a1f46beb1c942bb8043c16f8ac7b1e9e upstream)
>>> Signed-off-by: Brad Figg <brad.figg at canonical.com>
>>> ---
>>>  arch/x86/kvm/x86.c       |    9 +++++++++
>>>  include/linux/kvm_host.h |    2 ++
>>>  virt/kvm/kvm_main.c      |    5 +++++
>>>  3 files changed, 16 insertions(+)
>>>
>>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>>> index 2085040..f036054 100644
>>> --- a/arch/x86/kvm/x86.c
>>> +++ b/arch/x86/kvm/x86.c
>>> @@ -1582,6 +1582,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
>>>  		break;
>>>  	}
>>>  	case KVM_CREATE_IRQCHIP:
>>> +		r = -EINVAL;
>>> +		if (atomic_read(&kvm->online_vcpus))
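Review bot: the `atomic_read(&kvm->online_vcpus)` check at the top of the KVM_CREATE_IRQCHIP case is only a snapshot, so on its own it does not close the race with a concurrent KVM_CREATE_VCPU; the commit message itself notes that vcpu->arch.apic is created without kvm->lock held. The quoted hunk is cut off right after the condition, so the body that follows it is not visible here; please confirm that the virt/kvm/kvm_main.c and include/linux/kvm_host.h changes listed in the diffstat (5 and 2 insertions) make the vcpu-creation side re-check irqchip state under the same lock, otherwise a vcpu can still slip in between this read and the irqchip becoming in-kernel.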
> 
> Use here

Ah, missed that.

I await the updates for openvz and xen. Not sure if xen would be used,
but openvz likely is.


rtg


-- 
Tim Gardner tim.gardner at canonical.com
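To make the ordering problem in the quoted commit message concrete, here is a constructed userspace model of the state the fix keeps consistent (added for illustration; it is not kernel code and not part of the patch). The `struct kvm`/`struct kvm_vcpu` shapes, the `model_*` functions and the `patched` switch that reproduces the pre-fix behaviour are all assumptions of the model.

```c
#include <errno.h>
#include <stdlib.h>
/* Constructed model of the KVM state the patch keeps consistent; not kernel code. */
#define MAX_VCPUS 4
struct kvm_lapic { int id; };
struct kvm_vcpu { struct kvm_lapic *apic; };   /* NULL when the irqchip is in userspace */
struct kvm {
	int irqchip_in_kernel;
	int online_vcpus;                           /* atomic_t in the kernel, plain int here */
	struct kvm_vcpu *vcpus[MAX_VCPUS];
};

/* KVM_CREATE_IRQCHIP. patched=0 skips the new check and reproduces the pre-fix
 * state in which vcpus created earlier are left without an apic. */
int model_create_irqchip(struct kvm *kvm, int patched)
{
	if (patched && kvm->online_vcpus)
		return -EINVAL;                     /* fix 1: refuse once vcpus exist */
	kvm->irqchip_in_kernel = 1;
	return 0;
}

/* KVM_CREATE_VCPU: a vcpu created after the irqchip gets an apic (fix 2). */
int model_create_vcpu(struct kvm *kvm, int id)
{
	struct kvm_vcpu *vcpu;
	if (id < 0 || id >= MAX_VCPUS || kvm->vcpus[id])
		return -EINVAL;
	vcpu = calloc(1, sizeof(*vcpu));
	if (!vcpu)
		return -ENOMEM;
	if (kvm->irqchip_in_kernel) {
		vcpu->apic = calloc(1, sizeof(*vcpu->apic));
		if (!vcpu->apic) { free(vcpu); return -ENOMEM; }
		vcpu->apic->id = id;
	}
	kvm->vcpus[id] = vcpu;
	kvm->online_vcpus++;
	return 0;
}

/* The invariant the bug broke: every vcpu has an apic iff the irqchip is in-kernel.
 * A vcpu that violates it is where irqchip_in_kernel() paths would hit a NULL apic. */
int model_consistent(const struct kvm *kvm)
{
	for (int i = 0; i < MAX_VCPUS; i++) {
		const struct kvm_vcpu *v = kvm->vcpus[i];
		if (v && (v->apic != NULL) != (kvm->irqchip_in_kernel != 0))
			return 0;
	}
	return 1;
}
```

The model deliberately ignores the locking question raised in the commit message; it only shows why the two ordering rules together restore the invariant.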