release/5.2.53/virt-vbox-Fix-guest-capabilities-mask-check.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From dec572735b5740ba6e4969bd337087a590e7ce38 Mon Sep 17 00:00:00 2001
 From: Hans de Goede <hdegoede@redhat.com>
 Date: Thu, 9 Jul 2020 14:08:52 +0200
 Subject: [PATCH] virt: vbox: Fix guest capabilities mask check

 commit 59d1d2e8e1e7c50d2657d5e4812b53f71f507968 upstream.

 Check the passed in capabilities against VMMDEV_GUEST_CAPABILITIES_MASK
 instead of against VMMDEV_EVENT_VALID_EVENT_MASK.
 This tightens the allowed mask from 0x7ff to 0x7.

 Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest integration")
 Cc: stable@vger.kernel.org
 Acked-by: Arnd Bergmann <arnd@arndb.de>
 Signed-off-by: Hans de Goede <hdegoede@redhat.com>
 Link: https://lore.kernel.org/r/20200709120858.63928-3-hdegoede@redhat.com
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
 index 4eb8ea36093a..95bfdb8ac8a2 100644
 --- a/drivers/virt/vboxguest/vboxguest_core.c
 +++ b/drivers/virt/vboxguest/vboxguest_core.c
 @@ -1443,7 +1443,7 @@ static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
  	or_mask = caps->u.in.or_mask;
  	not_mask = caps->u.in.not_mask;

 -	if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
 +	if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
  		return -EINVAL;

  	ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
 diff --git a/drivers/virt/vboxguest/vmmdev.h b/drivers/virt/vboxguest/vmmdev.h
 index 6337b8d75d96..21f408120e3f 100644
 --- a/drivers/virt/vboxguest/vmmdev.h
 +++ b/drivers/virt/vboxguest/vmmdev.h
 @@ -206,6 +206,8 @@ VMMDEV_ASSERT_SIZE(vmmdev_mask, 24 + 8);
   * not.
   */
  #define VMMDEV_GUEST_SUPPORTS_GRAPHICS                      BIT(2)
 +/* The mask of valid capabilities, for sanity checking. */
 +#define VMMDEV_GUEST_CAPABILITIES_MASK                      0x00000007U

  /** struct vmmdev_hypervisorinfo - Hypervisor info structure. */
  struct vmmdev_hypervisorinfo {
 --
 2.27.0
	From dec572735b5740ba6e4969bd337087a590e7ce38 Mon Sep 17 00:00:00 2001
	From: Hans de Goede <hdegoede@redhat.com>
	Date: Thu, 9 Jul 2020 14:08:52 +0200
	Subject: [PATCH] virt: vbox: Fix guest capabilities mask check

	commit 59d1d2e8e1e7c50d2657d5e4812b53f71f507968 upstream.

	Check the passed in capabilities against VMMDEV_GUEST_CAPABILITIES_MASK
	instead of against VMMDEV_EVENT_VALID_EVENT_MASK.
	This tightens the allowed mask from 0x7ff to 0x7.

	Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest integration")
	Cc: stable@vger.kernel.org
	Acked-by: Arnd Bergmann <arnd@arndb.de>
	Signed-off-by: Hans de Goede <hdegoede@redhat.com>
	Link: https://lore.kernel.org/r/20200709120858.63928-3-hdegoede@redhat.com
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
	index 4eb8ea36093a..95bfdb8ac8a2 100644
	--- a/drivers/virt/vboxguest/vboxguest_core.c
	+++ b/drivers/virt/vboxguest/vboxguest_core.c
	@@ -1443,7 +1443,7 @@ static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
	or_mask = caps->u.in.or_mask;
	not_mask = caps->u.in.not_mask;

	- if ((or_mask \| not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
	+ if ((or_mask \| not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
	return -EINVAL;

	ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
	diff --git a/drivers/virt/vboxguest/vmmdev.h b/drivers/virt/vboxguest/vmmdev.h
	index 6337b8d75d96..21f408120e3f 100644
	--- a/drivers/virt/vboxguest/vmmdev.h
	+++ b/drivers/virt/vboxguest/vmmdev.h
	@@ -206,6 +206,8 @@ VMMDEV_ASSERT_SIZE(vmmdev_mask, 24 + 8);
	* not.
	*/
	#define VMMDEV_GUEST_SUPPORTS_GRAPHICS BIT(2)
	+/* The mask of valid capabilities, for sanity checking. */
	+#define VMMDEV_GUEST_CAPABILITIES_MASK 0x00000007U

	/** struct vmmdev_hypervisorinfo - Hypervisor info structure. */
	struct vmmdev_hypervisorinfo {
	--
	2.27.0