diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0083-kvm-x86-fix-KVM_XEN_HVM_CONFIG-ioctl.patch')
| -rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0083-kvm-x86-fix-KVM_XEN_HVM_CONFIG-ioctl.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-kvm-x86-fix-KVM_XEN_HVM_CONFIG-ioctl.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-kvm-x86-fix-KVM_XEN_HVM_CONFIG-ioctl.patch new file mode 100644 index 00000000..b4bec832 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0083-kvm-x86-fix-KVM_XEN_HVM_CONFIG-ioctl.patch @@ -0,0 +1,57 @@ +From 91702980566c39210225154c2a8b1cef41942737 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonzini@redhat.com> +Date: Thu, 26 Oct 2017 15:45:47 +0200 +Subject: [PATCH 83/93] kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit 51776043afa415435c7e4636204fbe4f7edc4501 ] + +This ioctl is obsolete (it was used by Xenner as far as I know) but +still let's not break it gratuitously... Its handler is copying +directly into struct kvm. Go through a bounce buffer instead, with +the added benefit that we can actually do something useful with the +flags argument---the previous code was exiting with -EINVAL but still +doing the copy. + +This technically is a userspace ABI breakage, but since no one should be +using the ioctl, it's a good occasion to see if someone actually +complains. + +Cc: kernel-hardening@lists.openwall.com +Cc: Kees Cook <keescook@chromium.org> +Cc: Radim Krčmář <rkrcmar@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/kvm/x86.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 27e6cf0..d7974fc 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -4106,13 +4106,14 @@ long kvm_arch_vm_ioctl(struct file *filp, + mutex_unlock(&kvm->lock); + break; + case KVM_XEN_HVM_CONFIG: { ++ struct kvm_xen_hvm_config xhc; + r = -EFAULT; +- if (copy_from_user(&kvm->arch.xen_hvm_config, argp, +- sizeof(struct kvm_xen_hvm_config))) ++ if (copy_from_user(&xhc, argp, sizeof(xhc))) + goto out; + r = -EINVAL; +- if (kvm->arch.xen_hvm_config.flags) ++ if (xhc.flags) + goto out; ++ memcpy(&kvm->arch.xen_hvm_config, &xhc, sizeof(xhc)); + r = 0; + break; + } +-- +2.7.4 + |