Open Source and information security mailing list archives
 
Date:   Sat,  4 May 2019 12:25:14 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Felix Wilhelm <fwilhelm@...gle.com>,
        Jim Mattson <jmattson@...gle.com>,
        Drew Schmitt <dasch@...gle.com>, Marc Orr <marcorr@...gle.com>,
        Peter Shier <pshier@...gle.com>,
        Krish Sadhukhan <krish.sadhukhan@...cle.com>,
        stable@....kernel.org, Paolo Bonzini <pbonzini@...hat.com>
Subject: [PATCH 5.0 29/32] KVM: nVMX: Fix size checks in vmx_set_nested_state

From: Jim Mattson <jmattson@...gle.com>

commit e8ab8d24b488632d07ce5ddb261f1d454114415b upstream.

The size checks in vmx_nested_state are wrong because the calculations
are made based on the size of a pointer to a struct kvm_nested_state
rather than the size of a struct kvm_nested_state.

Reported-by: Felix Wilhelm  <fwilhelm@...gle.com>
Signed-off-by: Jim Mattson <jmattson@...gle.com>
Reviewed-by: Drew Schmitt <dasch@...gle.com>
Reviewed-by: Marc Orr <marcorr@...gle.com>
Reviewed-by: Peter Shier <pshier@...gle.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@...cle.com>
Fixes: 8fcc4b5923af5de58b80b53a069453b135693304
Cc: stable@....kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 arch/x86/kvm/vmx/nested.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5407,7 +5407,7 @@ static int vmx_set_nested_state(struct k
 		return ret;
 
 	/* Empty 'VMXON' state is permitted */
-	if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))
+	if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12))
 		return 0;
 
 	if (kvm_state->vmx.vmcs_pa != -1ull) {
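Review bot: The early return under the "Empty 'VMXON' state is permitted" comment accepts more than an empty state: any kvm_state->size below sizeof(*kvm_state) + sizeof(*vmcs12) returns 0. Unless a check outside this hunk rules it out, a size that exceeds the header but is too short for a full vmcs12 is silently treated as success. Consider splitting the two cases so a truncated payload returns -EINVAL, as the shadow check later in the function does, or extend the comment to state that the partial case is accepted on purpose.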
@@ -5451,7 +5451,7 @@ static int vmx_set_nested_state(struct k
 	    vmcs12->vmcs_link_pointer != -1ull) {
 		struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu);
 
-		if (kvm_state->size < sizeof(kvm_state) + 2 * sizeof(*vmcs12))
+		if (kvm_state->size < sizeof(*kvm_state) + 2 * sizeof(*vmcs12))
 			return -EINVAL;
 
 		if (copy_from_user(shadow_vmcs12,
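Review bot: The bound sizeof(*kvm_state) + 2 * sizeof(*vmcs12) in the shadow vmcs12 check repeats the header-plus-payload arithmetic of the earlier check by hand, and the same one-character slip had to be fixed in both places. Since this comparison is the only visible guard before the copy_from_user into shadow_vmcs12, a shared helper or macro that computes the required size for N vmcs12 images, or spelling the header as sizeof(struct kvm_nested_state), would keep the two checks from drifting apart and make a pointer-versus-struct mistake easier to spot in review.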

