From: "Michael S. Tsirkin"
Subject: Re: [patch 2/3] KVM: x86: disallow KVM_{SET,GET}_LAPIC without in kernel irqchip
Date: Tue, 27 Oct 2009 19:50:26 +0200
Message-ID: <20091027175026.GC14421@redhat.com>
References: <20091027151042.118902183@redhat.com> <20091027151125.345664553@redhat.com>
In-Reply-To: <20091027151125.345664553@redhat.com>
To: Marcelo Tosatti
Cc: avi@redhat.com, kvm, stable@kernel.org

On Tue, Oct 27, 2009 at 01:10:44PM -0200, Marcelo Tosatti wrote:
> Otherwise kvm might attempt to dereference a NULL pointer.
>
> CC: stable@kernel.org
> Signed-off-by: Marcelo Tosatti
>
> Index: kvm/arch/x86/kvm/x86.c
> ===================================================================
> --- kvm.orig/arch/x86/kvm/x86.c
> +++ kvm/arch/x86/kvm/x86.c
> @@ -1815,6 +1815,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
>
>  	switch (ioctl) {
>  	case KVM_GET_LAPIC: {
> +		r = -EINVAL;
> +		if (!irqchip_in_kernel(vcpu->kvm))
> +			goto out;
>  		lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
>
>  		r = -ENOMEM;
> @@ -1830,6 +1833,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
>  		break;
>  	}
>  	case KVM_SET_LAPIC: {
> +		r = -EINVAL;
> +		if (!irqchip_in_kernel(vcpu->kvm))
> +			goto out;
>  		lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
>  		r = -ENOMEM;
>  		if (!lapic)

Can the value of irqchip_in_kernel be changed by userspace after we have checked it? If yes, this check won't help ...
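Review bot: The guard added in the KVM_GET_LAPIC hunk reads irqchip_in_kernel(vcpu->kvm) with no lock visible in the hunk, and the commit message says only that a NULL pointer would otherwise be dereferenced; it should name the pointer that is NULL when no in-kernel irqchip exists and state why the irqchip state cannot change between this check and the later access, which is exactly the question raised in the reply. The placement itself is right: `r = -EINVAL;` is set before the branch and the `goto out;` comes before the kzalloc, so the early exit leaks nothing and follows the existing `r = -ENOMEM;` pattern in the same case.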
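Review bot: The three lines added in the KVM_SET_LAPIC hunk duplicate the KVM_GET_LAPIC guard verbatim, rejecting the same condition with the same -EINVAL; consider hoisting the check above the switch for these two ioctls or into a small helper so the two copies cannot drift apart when one is later changed. As in the first hunk, the check precedes the kmalloc, so the `goto out;` taken there leaks nothing, and it is consistent with the `r = -ENOMEM; if (!lapic)` sequence that follows it.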