[X/Z SRU][PATCH 2/2] KVM: Don't accept obviously wrong gsi values via KVM_IRQFD
Shrirang Bagul
shrirang.bagul at canonical.com
Thu Sep 28 10:29:28 UTC 2017
From: Jan H. Schönherr <jschoenh at amazon.de>
We cannot add routes for gsi values >= KVM_MAX_IRQ_ROUTES -- see
kvm_set_irq_routing(). Hence, there is no sense in accepting them
via KVM_IRQFD. Prevent them from entering the system in the first
place.
This fixes CVE-2017-1000252.
Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
(cherry picked from commit 36ae3c0a36b7456432fedce38ae2f7bd3e01a563)
Signed-off-by: Shrirang Bagul <shrirang.bagul at canonical.com>
---
virt/kvm/eventfd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index 49001fa84ead..ddc105a25a65 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -563,6 +563,8 @@ kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)
{
if (args->flags & ~(KVM_IRQFD_FLAG_DEASSIGN | KVM_IRQFD_FLAG_RESAMPLE))
return -EINVAL;
+ if (args->gsi >= KVM_MAX_IRQ_ROUTES)
+ return -EINVAL;
if (args->flags & KVM_IRQFD_FLAG_DEASSIGN)
return kvm_irqfd_deassign(kvm, args);
--
2.11.0
More information about the kernel-team
mailing list