Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Kernel Team (http://www.linux-archive.org/ubuntu-kernel-team/)
-   -   KVM: fix backport of 3e51570 on hardy (http://www.linux-archive.org/ubuntu-kernel-team/682566-kvm-fix-backport-3e51570-hardy.html)

Herton Ronaldo Krzesinski 07-11-2012 05:39 PM

KVM: fix backport of 3e51570 on hardy
 
> Isn't this needed in the other custom binary files ?
>
> ./virt/kvm/kvm_main.c
> ./debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
> ./debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c

Updated patch:

From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Subject: [PATCH] KVM: fix backport of 3e51570 on hardy

CVE-2012-1601

BugLink: http://bugs.launchpad.net/bugs/971685

Sasha Levin reported that our backport of 3e51570 ("KVM: Ensure all
vcpus are consistent with in-kernel irqchip settings") has a bug, and
suggested possible fixes. We increment kvm->online_vcpus, but not
decrement it in the case create_vcpu_fd fails, which could cause issues
if it fails and vm is not destroyed after (counter will be out of sync).
In the upstream change this is not a problem since the increment is done
after create_vcpu_fd is called. The solution chosen here is to just
decrement it on the failure path.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
.../binary-custom.d/openvz/src/virt/kvm/kvm_main.c | 1 +
debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c | 1 +
virt/kvm/kvm_main.c | 1 +
3 files changed, 3 insertions(+)

diff --git a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
index d9a8ae0..61c18ba 100644
--- a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
+++ b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c
@@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n)
unlink:
mutex_lock(&kvm->lock);
kvm->vcpus[n] = NULL;
+ atomic_dec(&kvm->online_vcpus);
vcpu_destroy:
mutex_unlock(&kvm->lock);
kvm_arch_vcpu_destroy(vcpu);
diff --git a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
index d9a8ae0..61c18ba 100644
--- a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
+++ b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c
@@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n)
unlink:
mutex_lock(&kvm->lock);
kvm->vcpus[n] = NULL;
+ atomic_dec(&kvm->online_vcpus);
vcpu_destroy:
mutex_unlock(&kvm->lock);
kvm_arch_vcpu_destroy(vcpu);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index d9a8ae0..61c18ba 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -823,6 +823,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, int n)
unlink:
mutex_lock(&kvm->lock);
kvm->vcpus[n] = NULL;
+ atomic_dec(&kvm->online_vcpus);
vcpu_destroy:
mutex_unlock(&kvm->lock);
kvm_arch_vcpu_destroy(vcpu);
--
1.7.9.5

--
[]'s
Herton

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team


All times are GMT. The time now is 10:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.