+-- On Thu, 7 Jan 2016, Paolo Bonzini wrote --+
| > Will this trigger the same issue like CVE-2015-7513 ?
| >
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8
|
| I am not sure (--verbose please :))
IIUC, it shouldn't, because pit_load_count() does
/*
* The largest possible initial count is 0; this is equivalent
* to 216 for binary counting and 104 for BCD counting.
*/
if (val == 0)
val = 0x10000;
| but the right fix is to change the caller like this:
| diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
| @@ -420,6 +420,7 @@ void kvm_pit_load_count(struct kvm *kvm, int channel, u32
val, int hpet_legacy_s
| u8 saved_mode;
| if (hpet_legacy_start) {
| /* save existing mode for later reenablement */
| + WARN_ON(channel != 0);
| saved_mode = kvm->arch.vpit->pit_state.channels[0].mode;
| kvm->arch.vpit->pit_state.channels[0].mode = 0xff; /* disable
timer */
| pit_load_count(kvm, channel, val);
In that case I guess, 'pit_load_count' could be called as
+ pit_load_count(kvm, 0, val);
Thank you.
--
- P J P
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
