+-- On Thu, 7 Jan 2016, Paolo Bonzini wrote --+ | > Will this trigger the same issue like CVE-2015-7513 ? | > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8 | | I am not sure (--verbose please :)) IIUC, it shouldn't, because pit_load_count() does /* * The largest possible initial count is 0; this is equivalent * to 216 for binary counting and 104 for BCD counting. */ if (val == 0) val = 0x10000; | but the right fix is to change the caller like this: | diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c | @@ -420,6 +420,7 @@ void kvm_pit_load_count(struct kvm *kvm, int channel, u32 val, int hpet_legacy_s | u8 saved_mode; | if (hpet_legacy_start) { | /* save existing mode for later reenablement */ | + WARN_ON(channel != 0); | saved_mode = kvm->arch.vpit->pit_state.channels[0].mode; | kvm->arch.vpit->pit_state.channels[0].mode = 0xff; /* disable timer */ | pit_load_count(kvm, channel, val); In that case I guess, 'pit_load_count' could be called as + pit_load_count(kvm, 0, val); Thank you. -- - P J P 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
