From mboxrd@z Thu Jan 1 00:00:00 1970
From: Yang Zhang
Subject: Re: [PATCH] kvm: use PIT channel index in hpet_legacy_start mode
Date: Thu, 7 Jan 2016 20:37:31 +0800
Message-ID: <568E5C0B.9010507@gmail.com>
References: <1452169950-14711-1-git-send-email-ppandit@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Paolo Bonzini , P J P
To: P J P , kvm@vger.kernel.org
Return-path:
Received: from mail-pa0-f54.google.com ([209.85.220.54]:35118 "EHLO mail-pa0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752458AbcAGMhh (ORCPT ); Thu, 7 Jan 2016 07:37:37 -0500
Received: by mail-pa0-f54.google.com with SMTP id qh10so7884958pab.2 for ; Thu, 07 Jan 2016 04:37:37 -0800 (PST)
In-Reply-To: <1452169950-14711-1-git-send-email-ppandit@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 2016/1/7 20:32, P J P wrote:
> From: P J P
>
> While setting the KVM PIT counters in 'kvm_pit_load_count', if
> 'hpet_legacy_start' is set, the function disables the timer on
> channel[0], instead of the respective index 'channel'. Update it
> to use 'channel' index parameter.
>
> Signed-off-by: P J P
> ---
> arch/x86/kvm/i8254.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
> index 08116ff..154e936 100644
> --- a/arch/x86/kvm/i8254.c
> +++ b/arch/x86/kvm/i8254.c
> @@ -420,10 +420,11 @@ void kvm_pit_load_count(struct kvm *kvm, int channel, u32 val, int hpet_legacy_s > u8 saved_mode; > if (hpet_legacy_start) { > /* save existing mode for later reenablement */ > - saved_mode = kvm->arch.vpit->pit_state.channels[0].mode; > - kvm->arch.vpit->pit_state.channels[0].mode = 0xff; /* disable timer */ > + saved_mode = kvm->arch.vpit->pit_state.channels[channel].mode; > + /* disable timer */ > + kvm->arch.vpit->pit_state.channels[channel].mode = 0xff; > pit_load_count(kvm, channel, val); > - kvm->arch.vpit->pit_state.channels[0].mode = saved_mode; > + kvm->arch.vpit->pit_state.channels[channel].mode = saved_mode; > } else { > pit_load_count(kvm, channel, val); > }

Will this trigger the same issue as CVE-2015-7513?
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8

--
best regards
yang
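Review bot: the three `channels[0]` to `channels[channel]` substitutions in the hpet_legacy_start branch are consistent with each other, but the hunk now indexes `pit_state.channels[]` with the caller-supplied `int channel` and shows no range check; please confirm in the changelog that every caller of `kvm_pit_load_count` bounds `channel` before reaching this path, since nothing in the visible context does. A second point for the commit message: the old code saved, overwrote and restored channel 0's mode regardless of `channel`, so for any caller passing 1 or 2 with `hpet_legacy_start` set this is a behaviour change, not just a cleanup; stating which callers hit that case would let reviewers judge the interaction with the CVE-2015-7513 fix raised in the reply rather than guess at it. Moving the `/* disable timer */` comment onto its own line is fine but is unrelated to the fix and could be dropped to keep the diff minimal.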