Commit 4aa675aa authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
 "All architectures avoid memory corruption in an error path. ARM
  prevents bogus acknowledgement of interrupts"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: use after free in kvm_ioctl_create_device()
  KVM: arm/arm64: vgic: Don't notify EOI for non-SPIs
parents 3e52d063 a0f1d21c
...@@ -50,6 +50,8 @@ void vgic_v2_process_maintenance(struct kvm_vcpu *vcpu) ...@@ -50,6 +50,8 @@ void vgic_v2_process_maintenance(struct kvm_vcpu *vcpu)
WARN_ON(cpuif->vgic_lr[lr] & GICH_LR_STATE); WARN_ON(cpuif->vgic_lr[lr] & GICH_LR_STATE);
/* Only SPIs require notification */
if (vgic_valid_spi(vcpu->kvm, intid))
kvm_notify_acked_irq(vcpu->kvm, 0, kvm_notify_acked_irq(vcpu->kvm, 0,
intid - VGIC_NR_PRIVATE_IRQS); intid - VGIC_NR_PRIVATE_IRQS);
} }
......
...@@ -41,6 +41,8 @@ void vgic_v3_process_maintenance(struct kvm_vcpu *vcpu) ...@@ -41,6 +41,8 @@ void vgic_v3_process_maintenance(struct kvm_vcpu *vcpu)
WARN_ON(cpuif->vgic_lr[lr] & ICH_LR_STATE); WARN_ON(cpuif->vgic_lr[lr] & ICH_LR_STATE);
/* Only SPIs require notification */
if (vgic_valid_spi(vcpu->kvm, intid))
kvm_notify_acked_irq(vcpu->kvm, 0, kvm_notify_acked_irq(vcpu->kvm, 0,
intid - VGIC_NR_PRIVATE_IRQS); intid - VGIC_NR_PRIVATE_IRQS);
} }
......
...@@ -2889,10 +2889,10 @@ static int kvm_ioctl_create_device(struct kvm *kvm, ...@@ -2889,10 +2889,10 @@ static int kvm_ioctl_create_device(struct kvm *kvm,
ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC);
if (ret < 0) { if (ret < 0) {
ops->destroy(dev);
mutex_lock(&kvm->lock); mutex_lock(&kvm->lock);
list_del(&dev->vm_node); list_del(&dev->vm_node);
mutex_unlock(&kvm->lock); mutex_unlock(&kvm->lock);
ops->destroy(dev);
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment