[PATCH 1/3] rtc: Allow including mc146818 rtc header from userspace

[PATCH 1/3] rtc: Allow including mc146818 rtc header from userspace

[Sasha Levin]

This patch moves kernel specific header includes into the kernel #ifdef-ed
section, thus allowing userspace to include this header directly.

Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: rtc-linux@googlegroups.com
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 include/linux/mc146818rtc.h |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/include/linux/mc146818rtc.h b/include/linux/mc146818rtc.h
index 2f4e957..49d93ff 100644
--- a/include/linux/mc146818rtc.h
+++ b/include/linux/mc146818rtc.h
@@ -11,11 +11,10 @@
 #ifndef _MC146818RTC_H
 #define _MC146818RTC_H
 
+#ifdef __KERNEL__
 #include <asm/io.h>
 #include <linux/rtc.h>			/* get the user-level API */
 #include <asm/mc146818rtc.h>		/* register access macros */
-
-#ifdef __KERNEL__
 #include <linux/spinlock.h>		/* spinlock_t */
 extern spinlock_t rtc_lock;		/* serialize CMOS RAM access */
 
-- 
1.7.8.rc3

[PATCH 2/3] kvm tools: Include RTC headers directly

[Sasha Levin]

This patch prevents the duplication of definitions between kernel headers
and KVM tool code.

Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: rtc-linux@googlegroups.com
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 tools/kvm/hw/rtc.c |   20 +-------------------
 1 files changed, 1 insertions(+), 19 deletions(-)

diff --git a/tools/kvm/hw/rtc.c b/tools/kvm/hw/rtc.c
index 6d4a05a..fad140f 100644
--- a/tools/kvm/hw/rtc.c
+++ b/tools/kvm/hw/rtc.c
@@ -4,25 +4,7 @@
 #include "kvm/kvm.h"
 
 #include <time.h>
-
-/*
- * MC146818 RTC registers
- */
-#define RTC_SECONDS			0x00
-#define RTC_SECONDS_ALARM		0x01
-#define RTC_MINUTES			0x02
-#define RTC_MINUTES_ALARM		0x03
-#define RTC_HOURS			0x04
-#define RTC_HOURS_ALARM			0x05
-#define RTC_DAY_OF_WEEK			0x06
-#define RTC_DAY_OF_MONTH		0x07
-#define RTC_MONTH			0x08
-#define RTC_YEAR			0x09
-
-#define RTC_REG_A			0x0A
-#define RTC_REG_B			0x0B
-#define RTC_REG_C			0x0C
-#define RTC_REG_D			0x0D
+#include <linux/mc146818rtc.h>
 
 struct rtc_device {
 	u8			cmos_idx;
-- 
1.7.8.rc3

[PATCH 3/3] kvm tools: Add boundry check for rtc cmos index

[Sasha Levin]

A guest could overwrite host memory by writing to cmos index bigger than 128.

This patch adds a boundry check to limit it to that size.

Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: rtc-linux@googlegroups.com
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 tools/kvm/hw/rtc.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/tools/kvm/hw/rtc.c b/tools/kvm/hw/rtc.c
index fad140f..1471521 100644
--- a/tools/kvm/hw/rtc.c
+++ b/tools/kvm/hw/rtc.c
@@ -50,6 +50,8 @@ static bool cmos_ram_data_in(struct ioport *ioport, struct kvm *kvm, u16 port, v
 		ioport__write8(data, bin2bcd(tm->tm_year));
 		break;
 	default:
+		if (rtc.cmos_idx >= 128)
+			break;
 		ioport__write8(data, rtc.cmos_data[rtc.cmos_idx]);
 		break;
 	}
@@ -65,6 +67,8 @@ static bool cmos_ram_data_out(struct ioport *ioport, struct kvm *kvm, u16 port,
 		/* Read-only */
 		break;
 	default:
+		if (rtc.cmos_idx >= 128)
+			break;
 		rtc.cmos_data[rtc.cmos_idx] = ioport__read8(data);
 		break;
 	}
-- 
1.7.8.rc3

Re: [PATCH 3/3] kvm tools: Add boundry check for rtc cmos index

[Pekka Enberg]

On Tue, 29 Nov 2011, Sasha Levin wrote:
> A guest could overwrite host memory by writing to cmos index bigger than 128.
>
> This patch adds a boundry check to limit it to that size.
>
> Cc: Alessandro Zummo <a.zummo@towertech.it>
> Cc: rtc-linux@googlegroups.com
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> ---
> tools/kvm/hw/rtc.c |    4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/tools/kvm/hw/rtc.c b/tools/kvm/hw/rtc.c
> index fad140f..1471521 100644
> --- a/tools/kvm/hw/rtc.c
> +++ b/tools/kvm/hw/rtc.c
> @@ -50,6 +50,8 @@ static bool cmos_ram_data_in(struct ioport *ioport, struct kvm *kvm, u16 port, v
> 		ioport__write8(data, bin2bcd(tm->tm_year));
> 		break;
> 	default:
> +		if (rtc.cmos_idx >= 128)
> +			break;
> 		ioport__write8(data, rtc.cmos_data[rtc.cmos_idx]);
> 		break;
> 	}
> @@ -65,6 +67,8 @@ static bool cmos_ram_data_out(struct ioport *ioport, struct kvm *kvm, u16 port,
> 		/* Read-only */
> 		break;
> 	default:
> +		if (rtc.cmos_idx >= 128)
> +			break;
> 		rtc.cmos_data[rtc.cmos_idx] = ioport__read8(data);
> 		break;
> 	}

We always clear highest bit in cmos_ram_index_out() so 'cmos_idx' can 
never be over 127.

 			Pekka

Re: [PATCH 3/3] kvm tools: Add boundry check for rtc cmos index

[Sasha Levin]

On Tue, 2011-11-29 at 15:07 +0200, Pekka Enberg wrote:
> On Tue, 29 Nov 2011, Sasha Levin wrote:
> > A guest could overwrite host memory by writing to cmos index bigger than 128.
> >
> > This patch adds a boundry check to limit it to that size.
> >
> > Cc: Alessandro Zummo <a.zummo@towertech.it>
> > Cc: rtc-linux@googlegroups.com
> > Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> > ---
> > tools/kvm/hw/rtc.c |    4 ++++
> > 1 files changed, 4 insertions(+), 0 deletions(-)
> >
> > diff --git a/tools/kvm/hw/rtc.c b/tools/kvm/hw/rtc.c
> > index fad140f..1471521 100644
> > --- a/tools/kvm/hw/rtc.c
> > +++ b/tools/kvm/hw/rtc.c
> > @@ -50,6 +50,8 @@ static bool cmos_ram_data_in(struct ioport *ioport, struct kvm *kvm, u16 port, v
> > 		ioport__write8(data, bin2bcd(tm->tm_year));
> > 		break;
> > 	default:
> > +		if (rtc.cmos_idx >= 128)
> > +			break;
> > 		ioport__write8(data, rtc.cmos_data[rtc.cmos_idx]);
> > 		break;
> > 	}
> > @@ -65,6 +67,8 @@ static bool cmos_ram_data_out(struct ioport *ioport, struct kvm *kvm, u16 port,
> > 		/* Read-only */
> > 		break;
> > 	default:
> > +		if (rtc.cmos_idx >= 128)
> > +			break;
> > 		rtc.cmos_data[rtc.cmos_idx] = ioport__read8(data);
> > 		break;
> > 	}
> 
> We always clear highest bit in cmos_ram_index_out() so 'cmos_idx' can 
> never be over 127.

Right. Please ignore this patch :)

-- 

Sasha.