From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jan Kiszka
Subject: [PATCH] qemu-kvm: Work around broken MSR_GET_INDEX_LIST
Date: Thu, 02 Jul 2009 21:50:49 +0200
Message-ID: <4A4D0F99.2030604@web.de>
Mime-Version: 1.0
Cc: kvm-devel
To: Avi Kivity
Return-path:
Received: from fmmailgate01.web.de ([217.72.192.221]:53418 "EHLO fmmailgate01.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751012AbZGBTu4 (ORCPT ); Thu, 2 Jul 2009 15:50:56 -0400
Sender: kvm-owner@vger.kernel.org
List-ID:

Allocate enough memory for KVM_GET_MSR_INDEX_LIST as older kernels shot far beyond their limits, corrupting user space memory.

Signed-off-by: Jan Kiszka
---
 qemu-kvm-x86.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
index d6735c1..e528acb 100644
--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
@@ -349,7 +349,10 @@ struct kvm_msr_list *kvm_get_msr_list(kvm_context_t = kvm) r =3D ioctl(kvm->fd, KVM_GET_MSR_INDEX_LIST, &sizer); if (r =3D=3D -1 && errno !=3D E2BIG) return NULL; - msrs =3D malloc(sizeof *msrs + sizer.nmsrs * sizeof *msrs->indices); + /* Old kernel modules had a bug and could write beyond the provided + memory. Allocate at least a safe amount of 1K. */ + msrs =3D malloc(MAX(1024, sizeof(*msrs) + + sizer.nmsrs * sizeof(*msrs->indices))); if (!msrs) { errno =3D ENOMEM; return NULL; --------------enigB57D96A36B8FEF6C820EA6C9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkpND5kACgkQniDOoMHTA+n5xQCfbXAMjdrCDhcP6A3TexaepetK lfUAn3V+/7NYebXj2oMQH7sB3oRWqVI6 =P6EA -----END PGP SIGNATURE----- --------------enigB57D96A36B8FEF6C820EA6C9--
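Review bot: The 1024-byte floor in the new malloc() call is only a real fix if the old kernel's overrun is bounded by that size, and neither the code comment nor the commit message says where the bound comes from; please state which kernel versions are affected and how far past the caller's buffer they could write, and replace the bare 1024 with a named constant (e.g. a `KVM_MSR_LIST_MIN_ALLOC` define) whose comment records that bound, so a reader can verify the floor is sufficient rather than trusting "a safe amount". Also confirm that the MAX macro is already available in qemu-kvm-x86.c, since the hunk adds its first use here without an include; and the switch from `sizeof *msrs` to `sizeof(*msrs)` on the replaced line is unrelated style churn that would be cleaner left out of a bug-fix patch.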