Attachment 386720 Details for Bug 525490 – CVE-2014-3611.patch

[patch] CVE-2014-3611.patch

CVE-2014-3611.patch (text/plain), 1.02 KB, created by Stefan Behte (RETIRED) on 2014-10-15 11:00:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Behte (RETIRED)

Created: 2014-10-15 11:00:05 UTC

Size: 1.02 KB

patch

obsolete

>From 1c8a72a1e9a3e28245f5da862afe8850462adfd9 Mon Sep 17 00:00:00 2001
>From: Andy Honig <ahonig@google.com>
>Date: Wed, 27 Aug 2014 14:42:54 -0700
>Subject: [PATCH 2/3] KVM/x86: Improve thread safety in pit
>
>There's a race condition in the PIT emulation code in KVM.  In
>__kvm_migrate_pit_timer the pit_timer object is accessed without
>synchronization.  If the race condition occurs at the wrong time this
>can crash the host kernel.
>
>Signed-off-by: Andrew Honig <ahonig@google.com>
>---
> arch/x86/kvm/i8254.c | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
>index 518d864..298781d 100644
>--- a/arch/x86/kvm/i8254.c
>+++ b/arch/x86/kvm/i8254.c
>@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
> 		return;
> 
> 	timer = &pit->pit_state.timer;
>+	mutex_lock(&pit->pit_state.lock);
> 	if (hrtimer_cancel(timer))
> 		hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
>+	mutex_unlock(&pit->pit_state.lock);
> }
> 
> static void destroy_pit_timer(struct kvm_pit *pit)
>-- 
>2.1.0.rc2.206.gedb03e5
>

Actions: View | Diff

Attachments on bug 525490: 386716 | 386718 | 386720 | 386722 | 386724 | 386726