Message-ID: <7a0590c0-330c-3144-94f2-3edcc7a92739@redhat.com>
Date: Fri, 5 Apr 2019 20:49:33 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: David Rientjes <rientjes@...gle.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Joerg Roedel <joro@...tes.org>
Cc: Cfir Cohen <cfir@...gle.com>,
Brijesh Singh <brijesh.singh@....com>,
Tom Lendacky <thomas.lendacky@....com>, x86@...nel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [patch] kvm: svm: fix potential get_num_contig_pages overflow
On 19/03/19 23:19, David Rientjes wrote:
> get_num_contig_pages() could potentially overflow int so make its type
> consistent with its usage.
>
> Reported-by: Cfir Cohen <cfir@...gle.com>
> Signed-off-by: David Rientjes <rientjes@...gle.com>
> ---
> arch/x86/kvm/svm.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -6422,11 +6422,11 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> return ret;
> }
>
> -static int get_num_contig_pages(int idx, struct page **inpages,
> - unsigned long npages)
> +static unsigned long get_num_contig_pages(unsigned long idx,
> + struct page **inpages, unsigned long npages)
> {
> unsigned long paddr, next_paddr;
> - int i = idx + 1, pages = 1;
> + unsigned long i = idx + 1, pages = 1;
>
> /* find the number of contiguous pages starting from idx */
> paddr = __sme_page_pa(inpages[idx]);
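
Review bot: The new signature widens idx to unsigned long, but the context line `paddr = __sme_page_pa(inpages[idx]);` still reads inpages[idx] with no stated precondition that idx < npages. A short comment above the function saying callers must guarantee this would make the contract explicit now that idx is no longer limited to int range. Widening i and pages together with the return type is consistent, so the count is not narrowed inside the function.
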
> @@ -6445,12 +6445,12 @@ static int get_num_contig_pages(int idx, struct page **inpages,
>
> static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
> {
> - unsigned long vaddr, vaddr_end, next_vaddr, npages, size;
> + unsigned long vaddr, vaddr_end, next_vaddr, npages, pages, size, i;
> struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> struct kvm_sev_launch_update_data params;
> struct sev_data_launch_update_data *data;
> struct page **inpages;
> - int i, ret, pages;
> + int ret;
>
> if (!sev_guest(kvm))
> return -ENOTTY;
>
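
Review bot: Only the declarations of i and pages change in this hunk, so the code further down sev_launch_update_data() that consumes them is not shown; please confirm that nothing there stores a value derived from pages back into an int or into a narrower field of `data`, since that would reintroduce the truncation the patch is meant to remove. Keeping `int ret` is right, as it matches the function's int return type. The changelog would also be easier to evaluate if it said which input lets npages grow past int range.
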
I had missed it, and now I've queued it.
Paolo