[Lucid][CVE][PATCH 2/2] KVM: add missing void __user * cast to access_ok() call

Thu Aug 15 11:52:23 UTC 2013

From: Heiko Carstens <heiko.carstens at de.ibm.com>

CVE-2013-1943

BugLink: http://bugs.launchpad.net/bugs/1191918

fa3d315a "KVM: Validate userspace_addr of memslot when registered" introduced
this new warning onn s390:

kvm_main.c: In function '__kvm_set_memory_region':
kvm_main.c:654:7: warning: passing argument 1 of '__access_ok' makes pointer from integer without a cast
arch/s390/include/asm/uaccess.h:53:19: note: expected 'const void *' but argument is of type '__u64'

Add the missing cast to get rid of it again...

Cc: Takuya Yoshikawa <yoshikawa.takuya at oss.ntt.co.jp>
Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
Signed-off-by: Avi Kivity <avi at redhat.com>
(cherry picked from commit 9e3bb6b6f6a0c535eb053fbf0005a8e79e053374)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 virt/kvm/kvm_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 2542058..c24dba7 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1192,7 +1192,9 @@ int __kvm_set_memory_region(struct kvm *kvm,
 	/* We can read the guest memory with __xxx_user() later on. */
 	if (user_alloc &&
 	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
-	     !access_ok(VERIFY_WRITE, mem->userspace_addr, mem->memory_size)))
+	     !access_ok(VERIFY_WRITE,
+			(void __user *)(unsigned long)mem->userspace_addr,
+			mem->memory_size)))
 		goto out;
 	if (mem->slot >= KVM_MEMORY_SLOTS + KVM_PRIVATE_MEM_SLOTS)
 		goto out;
-- 
1.8.3.2



