APPLIED: [PATCH 1/1] [CVE-2012-1601] [LUCID] KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
Stefan Bader
stefan.bader at canonical.com
Thu Apr 26 14:30:40 UTC 2012
On 26.04.2012 16:01, Tim Gardner wrote:
> On 04/25/2012 02:15 PM, Tim Gardner wrote:
>>
>
> Given the extra cherry-pick, I'm resubmitting these patches. Pay
> particular attention to kvm_arch_vm_ioctl() because my backport is
> slightly different than Brad's.
>
> rtg
@@ -2285,6 +2285,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
}
} else
goto out;
+ r = -EINVAL;
+ if (atomic_read(&kvm->online_vcpus))
+ goto out;
r = kvm_setup_default_irq_routing(kvm);
if (r) {
kfree(kvm->arch.vpic);
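Review bot: The new -EINVAL exit on online_vcpus sits after kvm->arch.vpic has already been set up, as the kfree(kvm->arch.vpic) in the error path directly below it shows, so taking goto out at this point leaves the PIC allocated on a VM that already has vcpus. Move the atomic_read(&kvm->online_vcpus) check ahead of the allocation, or free kvm->arch.vpic before goto out the way the kvm_setup_default_irq_routing() failure path does. Nothing in the visible lines holds a lock around the check, so it is also worth confirming that a vcpu cannot be created between the atomic_read and the routing setup.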
That might be slightly too late. The original patch adds the exit before calling
kvm_create_pic. Besides probably other checks missing and not using the mutex
at all, the version above would have created the pic before bailing out.