On 2016/1/7 20:32, P J P wrote:
From: P J P <p...@fedoraproject.org>
While setting the KVM PIT counters in 'kvm_pit_load_count', if
'hpet_legacy_start' is set, the function disables the timer on
channel[0], instead of the respective index 'channel'. Update it
to use 'channel' index parameter.
Signed-off-by: P J P <p...@fedoraproject.org>
---
arch/x86/kvm/i8254.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 08116ff..154e936 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -420,10 +420,11 @@ void kvm_pit_load_count(struct kvm *kvm, int channel, u32
val, int hpet_legacy_s
u8 saved_mode;
if (hpet_legacy_start) {
/* save existing mode for later reenablement */
- saved_mode = kvm->arch.vpit->pit_state.channels[0].mode;
- kvm->arch.vpit->pit_state.channels[0].mode = 0xff; /* disable
timer */
+ saved_mode = kvm->arch.vpit->pit_state.channels[channel].mode;
+ /* disable timer */
+ kvm->arch.vpit->pit_state.channels[channel].mode = 0xff;
pit_load_count(kvm, channel, val);
- kvm->arch.vpit->pit_state.channels[0].mode = saved_mode;
+ kvm->arch.vpit->pit_state.channels[channel].mode = saved_mode;
} else {
pit_load_count(kvm, channel, val);
}
Will this trigger the same issue like CVE-2015-7513 ?
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8
--
best regards
yang
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html