On Tue, Oct 27, 2009 at 01:10:44PM -0200, Marcelo Tosatti wrote:
> Otherwise kvm might attempt to dereference a NULL pointer.
>
> CC: stable@xxxxxxxxxx
> Signed-off-by: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
>
> Index: kvm/arch/x86/kvm/x86.c
> ===================================================================
> --- kvm.orig/arch/x86/kvm/x86.c
> +++ kvm/arch/x86/kvm/x86.c
> @@ -1815,6 +1815,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
>
> switch (ioctl) {
> case KVM_GET_LAPIC: {
> + r = -EINVAL;
> + if (!irqchip_in_kernel(vcpu->kvm))
> + goto out;
> lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
>
> r = -ENOMEM;
> @@ -1830,6 +1833,9 @@ long kvm_arch_vcpu_ioctl(struct file *fi
> break;
> }
> case KVM_SET_LAPIC: {
> + r = -EINVAL;
> + if (!irqchip_in_kernel(vcpu->kvm))
> + goto out;
> lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
> r = -ENOMEM;
> if (!lapic)
>

Can the value of irqchip_in_kernel be changed by userspace after we have checked it? If yes, this check won't help ...

> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
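Review bot: The new guard in the KVM_GET_LAPIC arm gives no hint why an in-kernel irqchip is a precondition, so a later reader has only the commit message to learn that the rest of the arm would otherwise touch LAPIC state that does not exist; a one-line comment above the check, such as `/* LAPIC state only exists when the irqchip is emulated in the kernel */`, would carry that into the code. The identical three lines are pasted again in the KVM_SET_LAPIC arm of the second hunk and should get the same comment, or both arms could share one early check if the surrounding switch permits. Both hunks set `r = -EINVAL` before testing, consistent with the existing `r = -ENOMEM` pattern, so the error path looks correct as far as visible. The enclosing kvm_arch_vcpu_ioctl and its `out:` label lie outside the quoted hunks.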