{"id":819525,"url":"http://patchwork.ozlabs.org/api/patches/819525/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20170928102928.14992-3-shrirang.bagul@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170928102928.14992-3-shrirang.bagul@canonical.com>","list_archive_url":null,"date":"2017-09-28T10:29:28","name":"[X/Z,SRU,2/2] KVM: Don't accept obviously wrong gsi values via KVM_IRQFD","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"40eb35ae635d0f1bf98fc790e03655f65e8fb573","submitter":{"id":69376,"url":"http://patchwork.ozlabs.org/api/people/69376/?format=json","name":"Shrirang Bagul","email":"shrirang.bagul@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/20170928102928.14992-3-shrirang.bagul@canonical.com/mbox/","series":[{"id":5533,"url":"http://patchwork.ozlabs.org/api/series/5533/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=5533","date":"2017-09-28T10:29:26","name":"Fix CVE-2017-1000252","version":1,"mbox":"http://patchwork.ozlabs.org/series/5533/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/819525/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/819525/checks/","tags":{},"related":[],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=<UNKNOWN>)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3y2rXm3FVdz9tXj;\n\tThu, 28 Sep 2017 20:29:44 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1dxW4Y-0008L7-2v; Thu, 28 Sep 2017 10:29:38 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from <shrirang.bagul@canonical.com>)\n\tid 1dxW4X-0008Kx-Jk\n\tfor kernel-team@lists.ubuntu.com; Thu, 28 Sep 2017 10:29:37 +0000","from 1.general.shrirang--bagul.uk.vpn ([10.172.198.4]\n\thelo=snb-ubuntu.taipei) by youngberry.canonical.com with esmtpsa\n\t(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.76) (envelope-from <shrirang.bagul@canonical.com>)\n\tid 1dxW4W-0003g8-Pr\n\tfor kernel-team@lists.ubuntu.com; Thu, 28 Sep 2017 10:29:37 +0000"],"From":"Shrirang Bagul <shrirang.bagul@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[X/Z SRU][PATCH 2/2] KVM: Don't accept obviously wrong gsi values\n\tvia KVM_IRQFD","Date":"Thu, 28 Sep 2017 18:29:28 +0800","Message-Id":"<20170928102928.14992-3-shrirang.bagul@canonical.com>","X-Mailer":"git-send-email 2.11.0","In-Reply-To":"<20170928102928.14992-1-shrirang.bagul@canonical.com>","References":"<20170928102928.14992-1-shrirang.bagul@canonical.com>","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"From: Jan H. Schönherr <jschoenh@amazon.de>\n\nWe cannot add routes for gsi values >= KVM_MAX_IRQ_ROUTES -- see\nkvm_set_irq_routing(). Hence, there is no sense in accepting them\nvia KVM_IRQFD. Prevent them from entering the system in the first\nplace.\n\nThis fixes CVE-2017-1000252.\n\nSigned-off-by: Jan H. Schönherr <jschoenh@amazon.de>\nSigned-off-by: Paolo Bonzini <pbonzini@redhat.com>\n(cherry picked from commit 36ae3c0a36b7456432fedce38ae2f7bd3e01a563)\nSigned-off-by: Shrirang Bagul <shrirang.bagul@canonical.com>\n---\n virt/kvm/eventfd.c | 2 ++\n 1 file changed, 2 insertions(+)","diff":"diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c\nindex 49001fa84ead..ddc105a25a65 100644\n--- a/virt/kvm/eventfd.c\n+++ b/virt/kvm/eventfd.c\n@@ -563,6 +563,8 @@ kvm_irqfd(struct kvm *kvm, struct kvm_irqfd *args)\n {\n \tif (args->flags & ~(KVM_IRQFD_FLAG_DEASSIGN | KVM_IRQFD_FLAG_RESAMPLE))\n \t\treturn -EINVAL;\n+\tif (args->gsi >= KVM_MAX_IRQ_ROUTES)\n+\t\treturn -EINVAL;\n \n \tif (args->flags & KVM_IRQFD_FLAG_DEASSIGN)\n \t\treturn kvm_irqfd_deassign(kvm, args);\n","prefixes":["X/Z","SRU","2/2"]}