[RESEND] kvm: Fix nonsense handling of compat ioctl

Message ID	20120820144330.6218.27112.stgit@localhost.localdomain (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@vger.kernel.org> From: Alan Cox <alan@lxorguk.ukuu.org.uk> Subject: [PATCH RESEND] kvm: Fix nonsense handling of compat ioctl To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 20 Aug 2012 15:43:43 +0100 Message-ID: <20120820144330.6218.27112.stgit@localhost.localdomain> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: kvm-owner@vger.kernel.org Precedence: bulk

Message ID

20120820144330.6218.27112.stgit@localhost.localdomain (mailing list archive)

State

New, archived

Headers

From: Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: [PATCH RESEND] kvm: Fix nonsense handling of compat ioctl
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Mon, 20 Aug 2012 15:43:43 +0100
Message-ID: <20120820144330.6218.27112.stgit@localhost.localdomain>
User-Agent: StGIT/0.14.3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Commit Message

Alan Cox Aug. 20, 2012, 2:43 p.m. UTC

From: Alan Cox <alan@linux.intel.com>

KVM_SET_SIGNAL_MASK passed a NULL argument leaves the on stack signal
sets uninitialized. It then passes them through to
kvm_vcpu_ioctl_set_sigmask.

We should be passing a NULL in this case not translated garbage.

Signed-off-by: Alan Cox <alan@linux.intel.com>
---

 virt/kvm/kvm_main.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Avi Kivity Aug. 22, 2012, 12:22 p.m. UTC | #1

On 08/20/2012 05:43 PM, Alan Cox wrote:
> From: Alan Cox <alan@linux.intel.com>
> 
> KVM_SET_SIGNAL_MASK passed a NULL argument leaves the on stack signal
> sets uninitialized. It then passes them through to
> kvm_vcpu_ioctl_set_sigmask.
> 
> We should be passing a NULL in this case not translated garbage.
> 
> Signed-off-by: Alan Cox <alan@linux.intel.com>
> ---
> 
>  virt/kvm/kvm_main.c |    7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index a2e85af..e47a7ca 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -1975,9 +1975,10 @@ static long kvm_vcpu_compat_ioctl(struct file *filp,
>  			if (copy_from_user(&csigset, sigmask_arg->sigset,
>  					   sizeof csigset))
>  				goto out;
> -		}
> -		sigset_from_compat(&sigset, &csigset);
> -		r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
> +			sigset_from_compat(&sigset, &csigset);
> +			r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
> +		} else
> +			kvm_vcpu_ioctl_set_sigmask(vcpu, NULL);
>  		break;
>  	}

Now r is uninitiali[sz]ed.

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index a2e85af..e47a7ca 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1975,9 +1975,10 @@  static long kvm_vcpu_compat_ioctl(struct file *filp,
 			if (copy_from_user(&csigset, sigmask_arg->sigset,
 					   sizeof csigset))
 				goto out;
-		}
-		sigset_from_compat(&sigset, &csigset);
-		r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
+			sigset_from_compat(&sigset, &csigset);
+			r = kvm_vcpu_ioctl_set_sigmask(vcpu, &sigset);
+		} else
+			kvm_vcpu_ioctl_set_sigmask(vcpu, NULL);
 		break;
 	}
 	default:

[RESEND] kvm: Fix nonsense handling of compat ioctl

Commit Message

Comments

Patch