[Acked] [Trusty][CVE-2015-4692] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
Andy Whitcroft
apw at canonical.com
Wed Jul 1 08:49:54 UTC 2015
On Mon, Jun 29, 2015 at 02:11:35PM -0700, Kamal Mostafa wrote:
> From: Paolo Bonzini <pbonzini at redhat.com>
>
> commit ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 upstream.
>
> Malicious (or egregiously buggy) userspace can trigger it, but it
> should never happen in normal operation.
>
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> Reference: CVE-2015-4692
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>
> ---
> arch/x86/kvm/lapic.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
> index c8b0d0d..fc87568 100644
> --- a/arch/x86/kvm/lapic.h
> +++ b/arch/x86/kvm/lapic.h
> @@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct kvm_apic_map *map, u32 ldr)
>
> static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
> {
> - return vcpu->arch.apic->pending_events;
> + return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
> }
>
> bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
The interface implemented by kvm_vcpu_has_lapic() is utterly opaque, I
am not 100% convinced it doesn't return true sometimes I might not
expect. But in the general case it does at least check the apic pointer
is valid, so it can only be an improvement.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list