From bcd5125042ec61115a02b735c74212f1bda05c35 Mon Sep 17 00:00:00 2001
Message-Id: <bcd5125042ec61115a02b735c74212f1bda05c35.1364903006.git.minovotn@redhat.com>
From: Petr Matousek <pmatouse@redhat.com>
Date: Thu, 28 Mar 2013 11:38:59 +0100
Subject: [PATCH] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes
RH-Author: Petr Matousek <pmatouse@redhat.com>
Message-id: <20130328113858.GT800@dhcp-25-225.brq.redhat.com>
Patchwork-id: 49925
O-Subject: [RHEL 5.10 rhel-5.9.z kvm PATCH] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes
Bugzilla: 924597
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Gleb Natapov <gleb@redhat.com>
RH-Acked-by: Andrew Jones <drjones@redhat.com>
Bugzilla: 924597
Upstream status: http://www.spinics.net/lists/kvm/msg88469.html
Brew build: https://brewweb.devel.redhat.com/taskinfo?taskID=5575068
While testing rhel-5 version of the CVE-2013-1796 patch that rejected unaligned MSR_KVM_SYSTEM_TIME reads a regression has been found -- rhel-5 guests can register unaligned time pages. Instead of rejecting unaligned MSR_KVM_SYSTEM_TIME writes, accept them. We use kvm_write_guest() which can handle multi-page writes gracefully anyway, so no need for reject.
Testing:
* tested using reproducer provided by me which basically registers time page on the two page boundary and counts number of bytes written to it
* tested that rhel-5 guest that previously did not boot boots now https://bugzilla.redhat.com/show_bug.cgi?id=924597#c16
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
---
arch/x86/kvm/x86.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
Signed-off-by: Michal Novotny <minovotn@redhat.com>
---
arch/x86/kvm/x86.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 525ccee..d5bb971 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -686,8 +686,7 @@ static void kvm_write_guest_time(struct kvm_vcpu *v)
 vcpu->hv_clock.version += 2;
 kvm_write_guest(v->kvm,
- vcpu->time & ~(sizeof(struct pvclock_vcpu_time_info) - 1),
- &vcpu->hv_clock, sizeof(vcpu->hv_clock));
+ vcpu->time & ~1ULL, &vcpu->hv_clock, sizeof(vcpu->hv_clock));
 }
 static bool msr_mtrr_valid(unsigned msr)
@@ -849,11 +848,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
 /* ...but clean it before doing the actual write */
 vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
- /* Check that the address is 32-byte aligned. */
- if (vcpu->arch.time_offset &
- (sizeof(struct pvclock_vcpu_time_info) - 1))
- break;
-
 vcpu->arch.time_page = gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);
-- 
1.7.11.7
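Review bot: The return value of kvm_write_guest() on the added line is still discarded, and now that the mask is reduced to `~1ULL` the 32-byte record may straddle a page boundary, so the copy can succeed on the first page and fail on the second (for example when the next gfn is not backed by any memslot) with no indication on the host side. Whether the guest then observes an even `version` next to stale trailing fields depends on the field order of pvclock_vcpu_time_info, which this hunk does not show, so I would at least write the assumption down next to the call: `/* Only the enable bit is masked: the record may cross a page, which kvm_write_guest() handles, but a partial failure is not reported. */`. The literal `1` here also duplicates the `~(PAGE_MASK | 1)` mask in kvm_set_msr_common; a shared named constant for the enable bit would keep the two masks in step. kvm_write_guest_time's body starts before the hunk.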
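Review bot: With the 32-byte alignment check removed, `vcpu->arch.time_offset` can now be any value below PAGE_SIZE while `vcpu->arch.time_page` still pins only the page at `data >> PAGE_SHIFT`, so the pinned page no longer covers the whole record when it crosses into the next page. That is sound only as long as every writer goes through kvm_write_guest() with the guest physical address, as kvm_write_guest_time does in the first hunk; any path that maps time_page and copies at time_offset would write past the end of the mapped page, which as far as I recall is the host-side problem CVE-2013-1796 addressed. I would record that invariant at the assignment: `/* time_offset need not be aligned and the record may cross into the next page; writers must use kvm_write_guest(), never a kmap of time_page plus memcpy. */`. The enclosing case of kvm_set_msr_common continues past the hunk, so I cannot see whether time_page is checked with is_error_page() afterwards.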