From: Massimiliano Pellizzer
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH 0/1] CVE-2024-36953
Date: Thu, 26 Sep 2024 17:13:08 +0200
Message-ID: <20240926151331.54544-1-massimiliano.pellizzer@canonical.com>
X-Patchwork-Submitter: Massimiliano Pellizzer
X-Patchwork-Id: 1989861

[Impact]

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

vgic_v2_parse_attr() is responsible for finding the vCPU that matches
the user-provided CPUID, which (of course) may not be valid. If the ID
is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
gracefully.

Check that kvm_get_vcpu_by_id() actually returns something and fail the
ioctl if not.

[Fix]

Noble:  Fixed
Jammy:  Fixed
Focal:  Backported from linux-5.10.y
Bionic: Sent to ESM ML
Xenial: Not affected

[Test Case]

Compile tested only.

[Where problems could occur]

The fix affects ARM KVM VGICv2 implementation. An issue with this fix
may lead to kernel crashes during the configuration of virtual CPUs.
Users may also experience failed attempts to start and run properly
virtual machines.

Oliver Upton (1):
  KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

 virt/kvm/arm/vgic/vgic-kvm-device.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Acked-by: Mehmet Basaran
Acked-by: Chris Chiu
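
The check described under [Impact], modelled in user space as an added example; it is not the kernel patch or code from this thread. The struct and function names, the bit layout of the attribute and the sample VM are assumptions made for the sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: field layout and names are assumptions for this sketch. */
#define CPUID_SHIFT 32
#define CPUID_MASK  (0xffULL << CPUID_SHIFT)
#define OFFSET_MASK 0xffffffffULL

struct vcpu { int vcpu_id; };
struct vm { struct vcpu *vcpus; size_t nr_vcpus; };
struct reg_attr { struct vcpu *vcpu; uint32_t addr; };

/* Lookup by ID, not by array index: returns NULL when no vCPU has that ID. */
static struct vcpu *get_vcpu_by_id(struct vm *vm, int id)
{
    for (size_t i = 0; i < vm->nr_vcpus; i++)
        if (vm->vcpus[i].vcpu_id == id)
            return &vm->vcpus[i];
    return NULL;
}

/* Decode the caller-supplied attribute; reject IDs that match no vCPU. */
static int parse_attr(struct vm *vm, uint64_t attr, struct reg_attr *out)
{
    int cpuid = (int)((attr & CPUID_MASK) >> CPUID_SHIFT);

    out->vcpu = get_vcpu_by_id(vm, cpuid);
    if (!out->vcpu)
        return -EINVAL;   /* fail the request instead of keeping a NULL vCPU */
    out->addr = (uint32_t)(attr & OFFSET_MASK);
    return 0;
}

/* The caller dereferences out->vcpu only after parse_attr() succeeded. */
static int access_reg(struct vm *vm, uint64_t attr)
{
    struct reg_attr ra;
    int ret = parse_attr(vm, attr, &ra);

    if (ret)
        return ret;
    return ra.vcpu->vcpu_id;   /* safe: vcpu is known non-NULL here */
}

/* Constructed sample: a VM whose vCPU IDs are sparse (0, 1, 4). */
static struct vcpu sample_vcpus[] = { {0}, {1}, {4} };
static struct vm sample_vm = { sample_vcpus, 3 };
```

Because the lookup is by ID rather than by index, an ID that lies between valid ones (2 in the sample VM) is rejected the same way as one past the end.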