ACK / APPLIED A: [X/Z/A SRU][PATCH v2 1/1] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ

Seth Forshee seth.forshee at
Thu Sep 28 15:46:28 UTC 2017

On Thu, Sep 28, 2017 at 11:01:17PM +0800, Shrirang Bagul wrote:
> From: Jan H. Schönherr <jschoenh at>
> The value of the guest_irq argument to vmx_update_pi_irte() is
> ultimately coming from a KVM_IRQFD API call. Do not BUG() in
> vmx_update_pi_irte() if the value is out-of bounds. (Especially,
> since KVM as a whole seems to hang after that.)
> Instead, print a message only once if we find that we don't have a
> route for a certain IRQ (which can be out-of-bounds or within the
> array).
> This fixes CVE-2017-1000252.
> Fixes: efc644048ecde54 ("KVM: x86: Update IRTE for posted-interrupts")
> Signed-off-by: Jan H. Schönherr <jschoenh at>
> Signed-off-by: Paolo Bonzini <pbonzini at>
> (cherry picked from commit 3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb)
> Signed-off-by: Shrirang Bagul <shrirang.bagul at>

Acked-by: Seth Forshee <seth.forshee at>

Applied to artful/master-next, thanks.

More information about the kernel-team mailing list