ACK / APPLIED A: [X/Z/A SRU][PATCH v2 1/1] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
Seth Forshee
seth.forshee at canonical.com
Thu Sep 28 15:46:28 UTC 2017
On Thu, Sep 28, 2017 at 11:01:17PM +0800, Shrirang Bagul wrote:
> From: Jan H. Schönherr <jschoenh at amazon.de>
>
> The value of the guest_irq argument to vmx_update_pi_irte() is
> ultimately coming from a KVM_IRQFD API call. Do not BUG() in
> vmx_update_pi_irte() if the value is out-of bounds. (Especially,
> since KVM as a whole seems to hang after that.)
>
> Instead, print a message only once if we find that we don't have a
> route for a certain IRQ (which can be out-of-bounds or within the
> array).
>
> This fixes CVE-2017-1000252.
>
> Fixes: efc644048ecde54 ("KVM: x86: Update IRTE for posted-interrupts")
> Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
> Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
> (cherry picked from commit 3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb)
> Signed-off-by: Shrirang Bagul <shrirang.bagul at canonical.com>
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Applied to artful/master-next, thanks.
More information about the kernel-team
mailing list