Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 819526,
    "url": "http://patchwork.ozlabs.org/api/patches/819526/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20170928102928.14992-2-shrirang.bagul@canonical.com/",
    "project": {
        "id": 15,
        "url": "http://patchwork.ozlabs.org/api/projects/15/?format=api",
        "name": "Ubuntu Kernel",
        "link_name": "ubuntu-kernel",
        "list_id": "kernel-team.lists.ubuntu.com",
        "list_email": "kernel-team@lists.ubuntu.com",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20170928102928.14992-2-shrirang.bagul@canonical.com>",
    "list_archive_url": null,
    "date": "2017-09-28T10:29:27",
    "name": "[X/Z,SRU,1/2] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "ef1f816f64aea465476155f0f768a1346e6cef8e",
    "submitter": {
        "id": 69376,
        "url": "http://patchwork.ozlabs.org/api/people/69376/?format=api",
        "name": "Shrirang Bagul",
        "email": "shrirang.bagul@canonical.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20170928102928.14992-2-shrirang.bagul@canonical.com/mbox/",
    "series": [
        {
            "id": 5533,
            "url": "http://patchwork.ozlabs.org/api/series/5533/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=5533",
            "date": "2017-09-28T10:29:26",
            "name": "Fix CVE-2017-1000252",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/5533/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/819526/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/819526/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org",
        "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=<UNKNOWN>)",
        "Received": [
            "from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3y2rXm5Mt7z9tXv;\n\tThu, 28 Sep 2017 20:29:44 +1000 (AEST)",
            "from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1dxW4a-0008MB-8R; Thu, 28 Sep 2017 10:29:40 +0000",
            "from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from <shrirang.bagul@canonical.com>)\n\tid 1dxW4W-0008KN-4d\n\tfor kernel-team@lists.ubuntu.com; Thu, 28 Sep 2017 10:29:36 +0000",
            "from 1.general.shrirang--bagul.uk.vpn ([10.172.198.4]\n\thelo=snb-ubuntu.taipei) by youngberry.canonical.com with esmtpsa\n\t(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.76) (envelope-from <shrirang.bagul@canonical.com>)\n\tid 1dxW4V-0003g8-B2\n\tfor kernel-team@lists.ubuntu.com; Thu, 28 Sep 2017 10:29:35 +0000"
        ],
        "From": "Shrirang Bagul <shrirang.bagul@canonical.com>",
        "To": "kernel-team@lists.ubuntu.com",
        "Subject": "[X/Z SRU][PATCH 1/2] KVM: VMX: Do not BUG() on out-of-bounds guest\n\tIRQ",
        "Date": "Thu, 28 Sep 2017 18:29:27 +0800",
        "Message-Id": "<20170928102928.14992-2-shrirang.bagul@canonical.com>",
        "X-Mailer": "git-send-email 2.11.0",
        "In-Reply-To": "<20170928102928.14992-1-shrirang.bagul@canonical.com>",
        "References": "<20170928102928.14992-1-shrirang.bagul@canonical.com>",
        "MIME-Version": "1.0",
        "X-BeenThere": "kernel-team@lists.ubuntu.com",
        "X-Mailman-Version": "2.1.20",
        "Precedence": "list",
        "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>",
        "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>",
        "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>",
        "List-Post": "<mailto:kernel-team@lists.ubuntu.com>",
        "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>",
        "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "base64",
        "Errors-To": "kernel-team-bounces@lists.ubuntu.com",
        "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"
    },
    "content": "From: Jan H. Schönherr <jschoenh@amazon.de>\n\nThe value of the guest_irq argument to vmx_update_pi_irte() is\nultimately coming from a KVM_IRQFD API call. Do not BUG() in\nvmx_update_pi_irte() if the value is out-of bounds. (Especially,\nsince KVM as a whole seems to hang after that.)\n\nInstead, print a message only once if we find that we don't have a\nroute for a certain IRQ (which can be out-of-bounds or within the\narray).\n\nThis fixes CVE-2017-1000252.\n\nFixes: efc644048ecde54 (\"KVM: x86: Update IRTE for posted-interrupts\")\nSigned-off-by: Jan H. Schönherr <jschoenh@amazon.de>\nSigned-off-by: Paolo Bonzini <pbonzini@redhat.com>\n(cherry picked from commit 3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb)\nSigned-off-by: Shrirang Bagul <shrirang.bagul@canonical.com>\n---\n arch/x86/kvm/vmx.c | 9 +++++++--\n 1 file changed, 7 insertions(+), 2 deletions(-)",
    "diff": "diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c\nindex 37675b7a0abc..db8cb880971b 100644\n--- a/arch/x86/kvm/vmx.c\n+++ b/arch/x86/kvm/vmx.c\n@@ -10758,7 +10758,7 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,\n \tstruct kvm_lapic_irq irq;\n \tstruct kvm_vcpu *vcpu;\n \tstruct vcpu_data vcpu_info;\n-\tint idx, ret = -EINVAL;\n+\tint idx, ret = 0;\n \n \tif (!kvm_arch_has_assigned_device(kvm) ||\n \t\t!irq_remapping_cap(IRQ_POSTING_CAP))\n@@ -10766,7 +10766,12 @@ static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq,\n \n \tidx = srcu_read_lock(&kvm->irq_srcu);\n \tirq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu);\n-\tBUG_ON(guest_irq >= irq_rt->nr_rt_entries);\n+\tif (guest_irq >= irq_rt->nr_rt_entries ||\n+\t    hlist_empty(&irq_rt->map[guest_irq])) {\n+\t\tpr_warn_once(\"no route for guest_irq %u/%u (broken user space?)\\n\",\n+\t\t\t     guest_irq, irq_rt->nr_rt_entries);\n+\t\tgoto out;\n+\t}\n \n \thlist_for_each_entry(e, &irq_rt->map[guest_irq], link) {\n \t\tif (e->type != KVM_IRQ_ROUTING_MSI)\n",
    "prefixes": [
        "X/Z",
        "SRU",
        "1/2"
    ]
}