On 14/11/19 14:22, Marc Zyngier wrote:
>
> From 34bfc68752253c3da3e59072b137d1a4a85bc005 Mon Sep 17 00:00:00 2001
> From: Marc Zyngier <maz@xxxxxxxxxx>
> Date: Thu, 14 Nov 2019 13:17:39 +0000
> Subject: [PATCH] KVM: Add a comment describing the /dev/kvm no_compat
> handling
>
> Add a comment explaining the rational behind having both
> no_compat open and ioctl callbacks to fend off compat tasks.
>
> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> ---
> virt/kvm/kvm_main.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 1243e48dc717..722f2b1d4672 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -120,6 +120,13 @@ static long kvm_vcpu_compat_ioctl(struct file
> *file, unsigned int ioctl,
> unsigned long arg);
> #define KVM_COMPAT(c) .compat_ioctl = (c)
> #else
> +/*
> + * For architectures that don't implement a compat infrastructure,
> + * adopt a double line of defense:
> + * - Prevent a compat task from opening /dev/kvm
> + * - If the open has been done by a 64bit task, and the KVM fd
> + * passed to a compat task, let the ioctls fail.
> + */
> static long kvm_no_compat_ioctl(struct file *file, unsigned int ioctl,
> unsigned long arg) { return -EINVAL; }
>
> --
> 2.20.1
Queued, thanks!
Paolo
