From patchwork Wed Jul 11 17:39:35 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: KVM: fix backport of 3e51570 on hardy
Date: Wed, 11 Jul 2012 07:39:35 -0000
From: Herton Ronaldo Krzesinski
X-Patchwork-Id: 170495
Message-Id: <20120711173934.GB3162@herton-Z68MA-D2H-B3>
To: Tim Gardner
Cc: kernel-team@lists.ubuntu.com

> Isn't this needed in the other custom binary files ?
>
> ./virt/kvm/kvm_main.c
> ./debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
> ./debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c

Updated patch:

From: Herton Ronaldo Krzesinski
Subject: [PATCH] KVM: fix backport of 3e51570 on hardy

CVE-2012-1601

BugLink: http://bugs.launchpad.net/bugs/971685

Sasha Levin reported that our backport of 3e51570 ("KVM: Ensure all vcpus are
consistent with in-kernel irqchip settings") has a bug, and suggested possible
fixes. We increment kvm->online_vcpus, but not decrement it in the case
create_vcpu_fd fails, which could cause issues if it fails and vm is not
destroyed after (counter will be out of sync).

In the upstream change this is not a problem since the increment is done after
create_vcpu_fd is called. The solution chosen here is to just decrement it on
the failure path.

Reported-by: Sasha Levin
Signed-off-by: Herton Ronaldo Krzesinski
---
 .../binary-custom.d/openvz/src/virt/kvm/kvm_main.c | 1 +
 debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c | 1 +
 virt/kvm/kvm_main.c | 1 +
 3 files changed, 3 insertions(+)

diff --git a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c index d9a8ae0..61c18ba 100644 --- a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c +++ b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c 
@@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n) unlink: mutex_lock(&kvm->lock); kvm->vcpus[n] = NULL; + atomic_dec(&kvm->online_vcpus); vcpu_destroy: mutex_unlock(&kvm->lock); kvm_arch_vcpu_destroy(vcpu); diff --git a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c index d9a8ae0..61c18ba 100644 --- a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c +++ b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c @@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n) unlink: mutex_lock(&kvm->lock); kvm->vcpus[n] = NULL; + atomic_dec(&kvm->online_vcpus); vcpu_destroy: mutex_unlock(&kvm->lock); kvm_arch_vcpu_destroy(vcpu); diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d9a8ae0..61c18ba 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n) unlink: mutex_lock(&kvm->lock); kvm->vcpus[n] = NULL; + atomic_dec(&kvm->online_vcpus); vcpu_destroy: mutex_unlock(&kvm->lock); kvm_arch_vcpu_destroy(vcpu);
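
Review bot: the new atomic_dec(&kvm->online_vcpus) under the unlink: label in kvm_vm_ioctl_create_vcpu is only balanced if every goto unlink is reached after the counter was incremented, and if no path that has already incremented jumps straight to vcpu_destroy:, which would skip the decrement. The hunk context does not show the increment site, so please state in the commit message which failure paths land on each label, or add a one-line comment above the decrement naming the atomic_inc it pairs with. The decrement sits between mutex_lock(&kvm->lock) and the mutex_unlock at vcpu_destroy:, so it is covered by the same lock as the kvm->vcpus[n] = NULL store. The same hunk is applied to all three copies of kvm_main.c (openvz, xen and the main tree, each with index d9a8ae0..61c18ba), so this point applies to each of them identically.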