From c1d5388741c67796c728a41e28949b05ed72e52c Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Thu, 28 May 2020 10:35:15 -0500
Subject: kernel-5.7.0-0.rc7.20200528gitb0c3ba31be3e.1

* Thu May 28 2020 CKI@GitLab <cki-project@redhat.com> [5.7.0-0.rc7.20200528gitb0c3ba31be3e.1]
- b0c3ba31be3e rebase
- Updated changelog for the release based on 444fc5cde643 ("CKI@GitLab")
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
---
 ...rt-vbox-Fix-guest-capabilities-mask-check.patch | 47 ++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 0001-virt-vbox-Fix-guest-capabilities-mask-check.patch

(limited to '0001-virt-vbox-Fix-guest-capabilities-mask-check.patch')

diff --git a/0001-virt-vbox-Fix-guest-capabilities-mask-check.patch b/0001-virt-vbox-Fix-guest-capabilities-mask-check.patch
new file mode 100644
index 000000000..77dbde8f5
--- /dev/null
+++ b/0001-virt-vbox-Fix-guest-capabilities-mask-check.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 19 May 2020 13:23:06 +0200
+Subject: [PATCH] virt: vbox: Fix guest capabilities mask check
+
+Check the passed in capabilities against VMMDEV_GUEST_CAPABILITIES_MASK
+instead of against VMMDEV_EVENT_VALID_EVENT_MASK.
+This tightens the allowed mask from 0x7ff to 0x7.
+
+Fixes: 0ba002bc4393 ("virt: Add vboxguest driver for Virtual Box Guest integration")
+Cc: stable@vger.kernel.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Upstream Status: https://lore.kernel.org/lkml/20200520195440.38759-1-hdegoede@redhat.com/
+---
+ drivers/virt/vboxguest/vboxguest_core.c | 2 +-
+ drivers/virt/vboxguest/vmmdev.h         | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
+index 8fab04e76c14..18ebd7a6af98 100644
+--- a/drivers/virt/vboxguest/vboxguest_core.c
++++ b/drivers/virt/vboxguest/vboxguest_core.c
+@@ -1444,7 +1444,7 @@ static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
+ 	or_mask = caps->u.in.or_mask;
+ 	not_mask = caps->u.in.not_mask;
+
+-	if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
++	if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
+ 		return -EINVAL;
+
+ 	ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
+diff --git a/drivers/virt/vboxguest/vmmdev.h b/drivers/virt/vboxguest/vmmdev.h
+index 6337b8d75d96..21f408120e3f 100644
+--- a/drivers/virt/vboxguest/vmmdev.h
++++ b/drivers/virt/vboxguest/vmmdev.h
+@@ -206,6 +206,8 @@ VMMDEV_ASSERT_SIZE(vmmdev_mask, 24 + 8);
+  * not.
+  */
+ #define VMMDEV_GUEST_SUPPORTS_GRAPHICS                      BIT(2)
++/* The mask of valid capabilities, for sanity checking. */
++#define VMMDEV_GUEST_CAPABILITIES_MASK                      0x00000007U
+
+ /** struct vmmdev_hypervisorinfo - Hypervisor info structure. */
+ struct vmmdev_hypervisorinfo {
+-- 
+2.26.2
+
-- 
cgit