linux-kernel - Re: [PATCH v1 03/11] KVM: x86: dynamic kvm_apic

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:	Thu, 30 Jun 2016 15:15:10 -0700
From:	Andrew Honig <ahonig@...gle.com>
To:	Radim Krčmář <rkrcmar@...hat.com>
Cc:	linux-kernel@...r.kernel.org, kvm <kvm@...r.kernel.org>,
	Paolo Bonzini <pbonzini@...hat.com>,
	"Lan, Tianyu" <tianyu.lan@...el.com>,
	Igor Mammedov <imammedo@...hat.com>,
	Jan Kiszka <jan.kiszka@....de>, Peter Xu <peterx@...hat.com>
Subject: Re: [PATCH v1 03/11] KVM: x86: dynamic kvm_apic_map

> -
> -       new = kzalloc(sizeof(struct kvm_apic_map), GFP_KERNEL);
> +       u32 size, max_id = 255;
>
>         mutex_lock(&kvm->arch.apic_map_lock);
>
> +       kvm_for_each_vcpu(i, vcpu, kvm)
> +               if (kvm_apic_present(vcpu))
> +                       max_id = max(max_id, kvm_apic_id(vcpu->arch.apic));
> +
> +       /* kvm_apic_map_get_logical_dest() expects multiples of 16 */
> +       size = round_up(max_id + 1, 16);

Now that you're using the full range of apic_id values, could this
calculation overflow?  Perhaps max_id could be u64?

> +       new = kzalloc(sizeof(struct kvm_apic_map) +
> +                     sizeof(struct kvm_lapic) * size, GFP_KERNEL);
> +
>         if (!new)
>                 goto out;
>