1. 18 Dec, 2018 1 commit
    • KVM: fix unregistering coalesced mmio zone from wrong bus · 987d1149
      Eric Biggers authored
      If you register a kvm_coalesced_mmio_zone with '.pio = 0' but then
      unregister it with '.pio = 1', KVM_UNREGISTER_COALESCED_MMIO will try to
      unregister it from KVM_PIO_BUS rather than KVM_MMIO_BUS, which is a
      no-op.  But it frees the kvm_coalesced_mmio_dev anyway, causing a
      use-after-free.
      
      Fix it by only unregistering and freeing the zone if the correct value
      of 'pio' is provided.
      
      Reported-by: syzbot+f87f60bb6f13f39b54e3@syzkaller.appspotmail.com
      Fixes: 0804c849 ("kvm/x86 : add coalesced pio support")
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  2. 16 Dec, 2018 1 commit
  3. 14 Dec, 2018 20 commits
  4. 13 Dec, 2018 13 commits
  5. 12 Dec, 2018 5 commits