APPLIED: [PATCH 1/1] [CVE-2012-1601] [LUCID] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings

Stefan Bader stefan.bader at
Thu Apr 26 14:30:40 UTC 2012

On 26.04.2012 16:01, Tim Gardner wrote:
> On 04/25/2012 02:15 PM, Tim Gardner wrote:
> Given the extra cherry-pick, I'm resubmitting these patches. Pay
> particular attention to kvm_arch_vm_ioctl() because my backport is
> slightly different than Brad's.
> rtg

@@ -2285,6 +2285,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
 		} else
 			goto out;
+		r = -EINVAL;
+		if (atomic_read(&kvm->online_vcpus))
+			goto out;
 		r = kvm_setup_default_irq_routing(kvm);
 		if (r) {
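
Review bot: the `online_vcpus` check is placed after the `} else goto out;` that closes the preceding creation branch, so by the time it returns -EINVAL the work done in that branch has already happened and nothing in these lines undoes it. Move `r = -EINVAL; if (atomic_read(&kvm->online_vcpus)) goto out;` ahead of that branch so the ioctl fails before anything is created. The `atomic_read()` is also not visibly serialized against vcpu creation in this hunk, so a vcpu could come online between the check and `kvm_setup_default_irq_routing(kvm)`; if the original patch holds a mutex around the check, the backport should do the same.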

That might be slightly too late. The original patch adds the exit before calling
kvm_create_pic. Besides probably other checks missing and not using the mutex
at all, the version above would have created the pic before bailing out.

