lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210624180625.159495-1-seanjc@google.com>
Date:   Thu, 24 Jun 2021 11:06:25 -0700
From:   Sean Christopherson <seanjc@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
        clang-built-linux@...glegroups.com, linux-kernel@...r.kernel.org
Subject: [PATCH] KVM: x86: Fix uninitialized return value bug in
 EXIT_HYPERCALL enabling

Zero out 'r' on success in the KVM_CAP_EXIT_HYPERCALL case.  As noted by
clang, the happy path will return an uninitialized value:

  arch/x86/kvm/x86.c:5649:7: error: variable 'r' is used uninitialized
   whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
                  if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  arch/x86/kvm/x86.c:5663:9: note: uninitialized use occurs here
          return r;
               ^
  arch/x86/kvm/x86.c:5649:3: note: remove the 'if' if its condition is always true
                  if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  arch/x86/kvm/x86.c:5540:7: note: initialize the variable 'r' to silence this warning
          int r;
               ^
                = 0

Opportunistically move the "r = -EINVAL;" above the check to match the
pattern used in almost all other cases.

Fixes: 0dbb11230437 ("KVM: X86: Introduce KVM_HC_MAP_GPA_RANGE hypercall")
Signed-off-by: Sean Christopherson <seanjc@...gle.com>
---
 arch/x86/kvm/x86.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e4cea00c49a3..647922ba97df 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5646,11 +5646,12 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 			r = kvm_x86_ops.vm_copy_enc_context_from(kvm, cap->args[0]);
 		return r;
 	case KVM_CAP_EXIT_HYPERCALL:
-		if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
-			r = -EINVAL;
+		r = -EINVAL;
+		if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK)
 			break;
-		}
+
 		kvm->arch.hypercall_exit_enabled = cap->args[0];
+		r = 0;
 		break;
 	case KVM_CAP_EXIT_ON_EMULATION_FAILURE:
 		kvm->arch.exit_on_emulation_error = cap->args[0];
-- 
2.32.0.93.g670b81a890-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ