| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201005233739.2560641-2-sashal@kernel.org>
Date: Mon, 5 Oct 2020 19:37:39 -0400
From: Sasha Levin <sashal@...nel.org>
To: kys@...rosoft.com, haiyangz@...rosoft.com, sthemmin@...rosoft.com,
wei.liu@...nel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, x86@...nel.org,
hpa@...or.com, vkuznets@...hat.com, mikelley@...rosoft.com,
linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH v2 2/2] x86/hyperv: add a bounds check to hv_cpu_number_to_vp_number()
We have code that calls into hv_cpu_number_to_vp_number() without
checking that the cpu number is valid, which would cause
hv_cpu_number_to_vp_number() to dereference invalid memory.
Instead, have hv_cpu_number_to_vp_number() fail gracefully and add a
warning to make sure we catch these issues quickly.
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
include/asm-generic/mshyperv.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index c5edc5e08b94f..c7d22cb8340ff 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
@@ -125,6 +125,9 @@ extern u32 hv_max_vp_index;
*/
static inline int hv_cpu_number_to_vp_number(int cpu_number)
{
+ if (WARN_ON_ONCE(cpu_number < 0 || cpu_number >= num_possible_cpus()))
+ return VP_INVAL;
+
return hv_vp_index[cpu_number];
}
--
2.25.1
Powered by blists - more mailing lists