[PATCH][request for stable 3.10 inclusion]CVE-2015-4692

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH][request for stable 3.10 inclusion]CVE-2015-4692
@ 2015-07-29  4:56 Wang Kai
  2015-07-29  4:56 ` [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer Wang Kai
  0 siblings, 1 reply; 4+ messages in thread
From: Wang Kai @ 2015-07-29  4:56 UTC (permalink / raw)
  To: gregkh; +Cc: stable, pbonzini

Hi, Greg

  Could you please apply this CVE fix for stable-3.10? Thanks.

Paolo Bonzini (1):
  kvm: x86: fix kvm_apic_has_events to check for NULL pointer

 arch/x86/kvm/lapic.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
1.8.3.4


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
  2015-07-29  4:56 [PATCH][request for stable 3.10 inclusion]CVE-2015-4692 Wang Kai
@ 2015-07-29  4:56 ` Wang Kai
  2015-07-29  8:19   ` Paolo Bonzini
  2015-08-14 16:58   ` Greg KH
  0 siblings, 2 replies; 4+ messages in thread
From: Wang Kai @ 2015-07-29  4:56 UTC (permalink / raw)
  To: gregkh; +Cc: stable, pbonzini

From: Paolo Bonzini <pbonzini@redhat.com>

commit ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 upstream.

Malicious (or egregiously buggy) userspace can trigger it, but it
should never happen in normal operation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[wangkai: backport to 3.10: adjust context]
Signed-off-by: Wang Kai <morgan.wang@huawei.com>
---
 arch/x86/kvm/lapic.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index c8b0d0d..fc87568 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct kvm_apic_map *map, u32 ldr)
 
 static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
 {
-	return vcpu->arch.apic->pending_events;
+	return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
 }
 
 bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
-- 
1.8.3.4


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
  2015-07-29  4:56 ` [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer Wang Kai
@ 2015-07-29  8:19   ` Paolo Bonzini
  2015-08-14 16:58   ` Greg KH
  1 sibling, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2015-07-29  8:19 UTC (permalink / raw)
  To: Wang Kai, gregkh; +Cc: stable



On 29/07/2015 06:56, Wang Kai wrote:
> From: Paolo Bonzini <pbonzini@redhat.com>
> 
> commit ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 upstream.
> 
> Malicious (or egregiously buggy) userspace can trigger it, but it
> should never happen in normal operation.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> [wangkai: backport to 3.10: adjust context]
> Signed-off-by: Wang Kai <morgan.wang@huawei.com>
> ---
>  arch/x86/kvm/lapic.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
> index c8b0d0d..fc87568 100644
> --- a/arch/x86/kvm/lapic.h
> +++ b/arch/x86/kvm/lapic.h
> @@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct kvm_apic_map *map, u32 ldr)
>  
>  static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
>  {
> -	return vcpu->arch.apic->pending_events;
> +	return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
>  }
>  
>  bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
> 

Ack.

Paolo

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
  2015-07-29  4:56 ` [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer Wang Kai
  2015-07-29  8:19   ` Paolo Bonzini
@ 2015-08-14 16:58   ` Greg KH
  1 sibling, 0 replies; 4+ messages in thread
From: Greg KH @ 2015-08-14 16:58 UTC (permalink / raw)
  To: Wang Kai; +Cc: stable, pbonzini

On Wed, Jul 29, 2015 at 04:56:34AM +0000, Wang Kai wrote:
> From: Paolo Bonzini <pbonzini@redhat.com>
> 
> commit ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 upstream.
> 
> Malicious (or egregiously buggy) userspace can trigger it, but it
> should never happen in normal operation.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> [wangkai: backport to 3.10: adjust context]

It needs to go to all stable trees, not just 3.10, so I've applied it to
the ones I manage.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-08-14 16:58 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-29  4:56 [PATCH][request for stable 3.10 inclusion]CVE-2015-4692 Wang Kai
2015-07-29  4:56 ` [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer Wang Kai
2015-07-29  8:19   ` Paolo Bonzini
2015-08-14 16:58   ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).