UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/virt/kvm
History
Mathias Krause 79a7768be7 KVM: Reject overly excessive IDs in KVM_CREATE_VCPU 
commit 8b8e57e5096e47ca842c100c25667195017014ae upstream.

If, on a 64 bit system, a vCPU ID is provided that has the upper 32 bits
set to a non-zero value, it may get accepted if the truncated to 32 bits
integer value is below KVM_MAX_VCPU_IDS and 'max_vcpus'. This feels very
wrong and triggered the reporting logic of PaX's SIZE_OVERFLOW plugin.

Instead of silently truncating and accepting such values, pass the full
value to kvm_vm_ioctl_create_vcpu() and make the existing limit checks
return an error.

Even if this is a userland ABI breaking change, no sane userland could
have ever relied on that behaviour.

Reported-by: PaX's SIZE_OVERFLOW plugin running on grsecurity's syzkaller
Fixes: 6aa8b732ca ("[PATCH] kvm: userspace interface")
Cc: Emese Revfy <re.emese@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240614202859.3597745-2-minipli@grsecurity.net
[sean: tweak comment about INT_MAX assertion]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Like Xu <likexu@tencent.com>
 		2024-09-12 07:19:36 +00:00
..
Kconfig KVM: Remove CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL 2023-08-17 09:35:14 +01:00
Makefile.kvm KVM: Reinstate gfn_to_pfn_cache with invalidation support 2022-01-07 10:44:44 -05:00
async_pf.c KVM: Always flush async #PF workqueue when vCPU is being destroyed 2024-04-03 15:28:18 +02:00
async_pf.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504 2019-06-19 17:09:56 +02:00
binary_stats.c KVM: stats: remove dead stores 2021-08-13 03:35:15 -04:00
coalesced_mmio.c KVM: destruct kvm_io_device while unregistering it from kvm_io_bus 2023-06-13 14:18:09 -07:00
coalesced_mmio.h
dirty_ring.c KVM: Support dirty ring in conjunction with bitmap 2022-11-10 13:11:58 +00:00
eventfd.c kvm/eventfd: use list_for_each_entry when deassign ioeventfd 2023-06-13 14:25:39 -07:00
irqchip.c KVM: Setup empty IRQ routing when creating a VM 2024-08-14 17:08:55 +08:00
kvm_main.c KVM: Reject overly excessive IDs in KVM_CREATE_VCPU 2024-09-12 07:19:36 +00:00
kvm_mm.h kvm: Remove the unused macro KVM_MMU_READ_{,UN}LOCK() 2022-12-27 06:00:51 -05:00
pfncache.c KVM: Skip unnecessary "unmap" if gpc is already valid during refresh 2022-11-30 19:25:24 +00:00
vfio.c kvm/vfio: avoid bouncing the mutex when adding and deleting groups 2023-08-03 12:01:56 -06:00
vfio.h