From: Gregory Haskins <ghaskins@novell.com>
To: mst@redhat.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
avi@redhat.com, davidel@xmailserver.org, mtosatti@redhat.com
Subject: [PATCH 2/2] kvm: validate irqfd type
Date: Wed, 27 May 2009 10:37:06 -0400 [thread overview]
Message-ID: <20090527143706.14024.14341.stgit@dev.haskins.net> (raw)
In-Reply-To: <20090527143251.14024.89090.stgit@dev.haskins.net>
We should be more vigilant in validating the fd type passed down for use
in irqfd. A malicious userspace could do something nasty like pass the
kvm fd which would cause problems such as a reference leak on the kvm
object on shutdown.
Therefore, we use the eventfd_fget() routine in place of the plain fget()
to at least make sure its of the proper type.
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gregory Haskins <ghaskins@novell.com>
---
virt/kvm/eventfd.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c
index c63ff6a..f3f2ea1 100644
--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -27,6 +27,7 @@
#include <linux/poll.h>
#include <linux/file.h>
#include <linux/list.h>
+#include <linux/eventfd.h>
/*
* --------------------------------------------------------------------
@@ -102,7 +103,7 @@ kvm_assign_irqfd(struct kvm *kvm, int fd, int gsi)
/*
* Embed the file* lifetime in the irqfd.
*/
- file = fget(fd);
+ file = eventfd_fget(fd);
if (IS_ERR(file)) {
ret = PTR_ERR(file);
goto fail;
next prev parent reply other threads:[~2009-05-27 15:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-20 14:30 [KVM PATCH v10] kvm: add support for irqfd Gregory Haskins
2009-05-20 14:35 ` Avi Kivity
2009-05-26 16:42 ` Michael S. Tsirkin
2009-05-26 18:05 ` Gregory Haskins
2009-05-26 20:00 ` Davide Libenzi
2009-05-27 13:55 ` Michael S. Tsirkin
2009-05-27 14:06 ` Gregory Haskins
2009-05-27 14:36 ` [PATCH 0/2] kvm: validate irqfd type Gregory Haskins
2009-05-27 14:37 ` [PATCH 1/2] eventfd: export eventfd interfaces for module use Gregory Haskins
2009-05-27 14:37 ` Gregory Haskins [this message]
2009-05-27 15:06 ` [PATCH 0/2] kvm: validate irqfd type Gregory Haskins
2009-05-31 9:36 ` Avi Kivity
2009-05-27 18:41 ` [KVM PATCH v10] kvm: add support for irqfd Michael S. Tsirkin
2009-05-27 19:28 ` Davide Libenzi
2009-05-27 20:07 ` Gregory Haskins
2009-05-27 20:43 ` Michael S. Tsirkin
2009-05-27 20:46 ` Gregory Haskins
2009-06-11 13:16 ` Michael S. Tsirkin
2009-06-11 13:36 ` Michael S. Tsirkin
2009-06-14 12:25 ` Gregory Haskins
2009-06-14 13:20 ` Michael S. Tsirkin
2009-06-14 9:25 ` Michael S. Tsirkin
2009-06-14 12:40 ` Gregory Haskins
2009-06-14 13:19 ` Michael S. Tsirkin
2009-06-14 13:23 ` Avi Kivity
2009-06-14 13:30 ` Michael S. Tsirkin
2009-06-14 13:40 ` Avi Kivity
2009-06-14 13:50 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090527143706.14024.14341.stgit@dev.haskins.net \
--to=ghaskins@novell.com \
--cc=avi@redhat.com \
--cc=davidel@xmailserver.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox