qemu-kvm: Work around borken MSR_GET_INDEX_LIST

Message ID	4A4D0F99.2030604@web.de (mailing list archive)
State	New, archived
Headers	show Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n62Jp2oU028950 for <patchwork-kvm@patchwork.kernel.org>; Thu, 2 Jul 2009 19:51:02 GMT Message-ID: <4A4D0F99.2030604@web.de> Date: Thu, 02 Jul 2009 21:50:49 +0200 From: Jan Kiszka <jan.kiszka@web.de> User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: Avi Kivity <avi@redhat.com> CC: kvm-devel <kvm@vger.kernel.org> Subject: [PATCH] qemu-kvm: Work around borken MSR_GET_INDEX_LIST Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigB57D96A36B8FEF6C820EA6C9" Sender: kvm-owner@vger.kernel.org Precedence: bulk

Message ID

4A4D0F99.2030604@web.de (mailing list archive)

State

New, archived

Headers

Message-ID: <4A4D0F99.2030604@web.de>
Date: Thu, 02 Jul 2009 21:50:49 +0200
From: Jan Kiszka <jan.kiszka@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de;
	rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1
	Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Avi Kivity <avi@redhat.com>
CC: kvm-devel <kvm@vger.kernel.org>
Subject: [PATCH] qemu-kvm: Work around borken MSR_GET_INDEX_LIST
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigB57D96A36B8FEF6C820EA6C9"
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Commit Message

Jan Kiszka July 2, 2009, 7:50 p.m. UTC

Allocate enough memory for KVM_GET_MSR_INDEX_LIST as older kernels shot
far beyond their limits, corrupting user space memory.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

 qemu-kvm-x86.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

Comments

Avi Kivity July 6, 2009, 7:50 a.m. UTC | #1

On 07/02/2009 10:50 PM, Jan Kiszka wrote:
> Allocate enough memory for KVM_GET_MSR_INDEX_LIST as older kernels shot
> far beyond their limits, corrupting user space memory.
>    

Applied, thanks.

diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
index d6735c1..e528acb 100644
--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
@@ -349,7 +349,10 @@  struct kvm_msr_list *kvm_get_msr_list(kvm_context_t kvm)
 	r = ioctl(kvm->fd, KVM_GET_MSR_INDEX_LIST, &sizer);
 	if (r == -1 && errno != E2BIG)
 		return NULL;
-	msrs = malloc(sizeof *msrs + sizer.nmsrs * sizeof *msrs->indices);
+	/* Old kernel modules had a bug and could write beyond the provided
+	   memory. Allocate at least a safe amount of 1K. */
+	msrs = malloc(MAX(1024, sizeof(*msrs) +
+				sizer.nmsrs * sizeof(*msrs->indices)));
 	if (!msrs) {
 		errno = ENOMEM;
 		return NULL;

qemu-kvm: Work around borken MSR_GET_INDEX_LIST

Commit Message

Comments

Patch