On 13/10/2017 01:16, Greg Kurz wrote:
> Ping ?
When is Paul back from vacation? :)
Paolo
> On Thu, 14 Sep 2017 23:56:25 +0200
> Greg Kurz <groug@xxxxxxxx> wrote:
>
>> The following program causes a kernel oops:
>>
>> #include <sys/types.h>
>> #include <sys/stat.h>
>> #include <fcntl.h>
>> #include <sys/ioctl.h>
>> #include <linux/kvm.h>
>>
>> main()
>> {
>> int fd = open("/dev/kvm", O_RDWR);
>> ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_PPC_HTM);
>> }
>>
>> This happens because when using the global KVM fd with
>> KVM_CHECK_EXTENSION, kvm_vm_ioctl_check_extension() gets
>> called with a NULL kvm argument, which gets dereferenced
>> in is_kvmppc_hv_enabled(). Spotted while reading the code.
>>
>> Let's use the hv_enabled fallback variable, like everywhere
>> else in this function.
>>
>> Fixes: 23528bb21ee2 ("KVM: PPC: Introduce KVM_CAP_PPC_HTM")
>> Cc: stable@xxxxxxxxxxxxxxx # v4.7+
>> Signed-off-by: Greg Kurz <groug@xxxxxxxx>
>> ---
>> arch/powerpc/kvm/powerpc.c | 3 +--
>> 1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
>> index 3480faaf1ef8..ee279c7f4802 100644
>> --- a/arch/powerpc/kvm/powerpc.c
>> +++ b/arch/powerpc/kvm/powerpc.c
>> @@ -644,8 +644,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
>> break;
>> #endif
>> case KVM_CAP_PPC_HTM:
>> - r = cpu_has_feature(CPU_FTR_TM_COMP) &&
>> - is_kvmppc_hv_enabled(kvm);
>> + r = cpu_has_feature(CPU_FTR_TM_COMP) && hv_enabled;
>> break;
>> default:
>> r = 0;
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe kvm-ppc" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>