Four KVM ioctls (KVM_GET/SET_CPUID2 on x86, KVM_GET/SET_ONE_REG on ARM
and s390) directly access the kvm_vcpu_arch struct.  Therefore, the new
usercopy hardening work in linux-next, which forbids copies from and to
slab objects unless they are from kmalloc or explicitly whitelisted,
breaks KVM on those architectures.

The kvm_vcpu_arch struct is embedded in the kvm_vcpu struct and the
corresponding slab cache is allocated by architecture-independent code.
It is enough, for simplicity, to whitelist the whole sub-struct and only
touch one place of the KVM code.  Later, any further restrictions can be
applied in the KVM tree.

Paolo Bonzini (2):
  kvm: whitelist struct kvm_vcpu_arch
  kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl

 arch/x86/kvm/x86.c  | 7 ++++---
 virt/kvm/kvm_main.c | 8 ++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

-- 
2.14.2
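The cover letter describes the rule the hardening enforces: a copy between user space and a slab object is permitted only when the copied range lies entirely inside the window the cache owner whitelisted when creating the cache (in the kernel that window is the useroffset/usersize pair passed to kmem_cache_create_usercopy(), and whitelisting the whole arch sub-struct means the window is exactly the embedded struct). The following is an added, user-space model of that check, written for this page and not taken from KVM or the kernel; the struct layouts, field names, sizes and the helper names are constructed for illustration and do not match the real kvm_vcpu. It shows why an un-whitelisted cache rejects the ioctl's copy of the arch sub-struct, why whitelisting the sub-struct admits it, and why a copy touching a field outside the window is still refused.

```c
/* Added example (not part of the patch series or the kernel): a user-space
 * model of the slab-whitelist check applied by hardened usercopy.  A cache
 * carries a (useroffset, usersize) window; a copy of n bytes at ptr inside
 * an object of that cache is allowed only if [ptr, ptr+n) lies entirely
 * inside the window.  All struct layouts below are constructed stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Equivalent of the kernel's sizeof_field() for a struct member. */
#define SIZEOF_FIELD(t, f) sizeof(((t *)0)->f)

/* Constructed stand-in for the embedded arch sub-struct the ioctls copy. */
struct vcpu_arch_model {
    uint32_t regs[8];
    uint32_t cpuid[16];
};

/* Constructed stand-in for the containing vcpu object: the arch sub-struct
 * is the only part user space is allowed to copy from or to. */
struct vcpu_model {
    int vcpu_id;
    void *run_page;              /* not user-copyable in this model */
    struct vcpu_arch_model arch; /* the whitelisted window */
    uint64_t stats[4];           /* not user-copyable in this model */
};

/* Model of the per-cache whitelist recorded at cache creation. */
struct cache_model {
    size_t object_size;
    size_t useroffset;  /* start of the user-copyable window */
    size_t usersize;    /* 0 means nothing in the object is whitelisted */
};

/* Decide whether copying n bytes at ptr (inside obj) is permitted.
 * First reject ranges that leave the object, then reject ranges that are
 * not fully inside the whitelisted window.  All comparisons are written
 * so that they cannot overflow. */
bool usercopy_allowed(const struct cache_model *c, const void *obj,
                      const void *ptr, size_t n)
{
    uintptr_t base = (uintptr_t)obj;
    uintptr_t p = (uintptr_t)ptr;

    if (n == 0)
        return true;                       /* empty copy is harmless */
    if (p < base || p - base > c->object_size ||
        n > c->object_size - (p - base))
        return false;                      /* range leaves the object */

    size_t off = p - base;
    if (off < c->useroffset)
        return false;                      /* starts before the window */
    if (n > c->usersize || off - c->useroffset > c->usersize - n)
        return false;                      /* ends after the window */
    return true;
}

/* The cache as it looks once the whole arch sub-struct is whitelisted. */
const struct cache_model vcpu_cache = {
    .object_size = sizeof(struct vcpu_model),
    .useroffset  = offsetof(struct vcpu_model, arch),
    .usersize    = SIZEOF_FIELD(struct vcpu_model, arch),
};

/* The same cache created without any whitelist: the state in which the
 * ioctls named in the cover letter broke. */
const struct cache_model vcpu_cache_unwhitelisted = {
    .object_size = sizeof(struct vcpu_model),
    .useroffset  = 0,
    .usersize    = 0,
};

/* A zero-initialised sample object to run the checks against. */
struct vcpu_model sample_vcpu;

/* Copy of the whole arch sub-struct, as KVM_GET_ONE_REG-style ioctls do. */
bool copy_arch_allowed(const struct cache_model *c, const struct vcpu_model *v)
{
    return usercopy_allowed(c, v, &v->arch, sizeof(v->arch));
}

/* Copy of a field outside the window; must be rejected by the hardened check. */
bool copy_stats_allowed(const struct cache_model *c, const struct vcpu_model *v)
{
    return usercopy_allowed(c, v, v->stats, sizeof(v->stats));
}

int main(void)
{
    printf("arch copy, whitelisted cache:  %s\n",
           copy_arch_allowed(&vcpu_cache, &sample_vcpu) ? "allowed" : "rejected");
    printf("arch copy, plain cache:        %s\n",
           copy_arch_allowed(&vcpu_cache_unwhitelisted, &sample_vcpu) ? "allowed" : "rejected");
    printf("stats copy, whitelisted cache: %s\n",
           copy_stats_allowed(&vcpu_cache, &sample_vcpu) ? "allowed" : "rejected");
    return 0;
}
```

The useroffset/usersize pair is deliberately derived with offsetof() and a sizeof_field() equivalent rather than hand-written constants, so the window follows the struct layout automatically; a copy of a sub-range inside the arch struct passes, while any copy that starts before it, runs past it, or leaves the object entirely is refused.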