Date:   Thu, 24 Jun 2021 20:19:08 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Sean Christopherson <seanjc@...gle.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
        clang-built-linux@...glegroups.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: x86: Fix uninitialized return value bug in
 EXIT_HYPERCALL enabling

On 24/06/21 20:06, Sean Christopherson wrote:
> Zero out 'r' on success in the KVM_CAP_EXIT_HYPERCALL case.  As noted by
> clang, the happy path will return an uninitialized value:
> 
>    arch/x86/kvm/x86.c:5649:7: error: variable 'r' is used uninitialized
>     whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
>                    if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
>                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    arch/x86/kvm/x86.c:5663:9: note: uninitialized use occurs here
>            return r;
>                 ^
>    arch/x86/kvm/x86.c:5649:3: note: remove the 'if' if its condition is always true
>                    if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
>                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    arch/x86/kvm/x86.c:5540:7: note: initialize the variable 'r' to silence this warning
>            int r;
>                 ^
>                  = 0
> 
> Opportunistically move the "r = -EINVAL;" above the check to match the
> pattern used in almost all other cases.
> 
> Fixes: 0dbb11230437 ("KVM: X86: Introduce KVM_HC_MAP_GPA_RANGE hypercall")
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>

Actually it was not that patch, but rather a botched conflict resolution 
when applying (too late at night) Aaron's emulation failure patch:

@@ -5647,6 +5648,9 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
                         break;
                 }
                 kvm->arch.hypercall_exit_enabled = cap->args[0];
+               break;
+       case KVM_CAP_EXIT_ON_EMULATION_FAILURE:
+               kvm->arch.exit_on_emulation_error = cap->args[0];
                 r = 0;
                 break;
         default:
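Review bot: the inserted `break;` lands above the pre-existing `r = 0;`, so that assignment now belongs to the new `case KVM_CAP_EXIT_ON_EMULATION_FAILURE:` and the KVM_CAP_EXIT_HYPERCALL success path leaves the switch right after `kvm->arch.hypercall_exit_enabled = cap->args[0];` without ever assigning r. The hypercall case needs to keep its own `r = 0;` before the new `break;`, with the new case getting a separate `r = 0;` and `break;` after the `exit_on_emulation_error` assignment.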

I have already fixed this locally, though I haven't pushed it to kvm.git 
yet; my tests should finish running in about an hour, and then I'll push 
everything to kvm/next, except for the C bit fixes.

Paolo

> ---
>   arch/x86/kvm/x86.c | 7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index e4cea00c49a3..647922ba97df 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -5646,11 +5646,12 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>   			r = kvm_x86_ops.vm_copy_enc_context_from(kvm, cap->args[0]);
>   		return r;
>   	case KVM_CAP_EXIT_HYPERCALL:
> -		if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK) {
> -			r = -EINVAL;
> +		r = -EINVAL;
> +		if (cap->args[0] & ~KVM_EXIT_HYPERCALL_VALID_MASK)
>   			break;
> -		}
> +
>   		kvm->arch.hypercall_exit_enabled = cap->args[0];
> +		r = 0;
>   		break;
>   	case KVM_CAP_EXIT_ON_EMULATION_FAILURE:
>   		kvm->arch.exit_on_emulation_error = cap->args[0];
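Review bot: hoisting `r = -EINVAL;` above the mask check means r holds an error value on the success path unless it is reassigned, so the added `r = 0;` after `kvm->arch.hypercall_exit_enabled = cap->args[0];` is essential, not cosmetic; together the two changes make every exit from the KVM_CAP_EXIT_HYPERCALL case assign r, which is what clang's -Wsometimes-uninitialized was flagging. The blank line added after the early `break;` is a matter of taste and could be dropped to keep the case body as compact as the neighbouring cases.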
> 

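The two control-flow shapes discussed in this thread, as an added example that is not kernel code and not part of the original message. The capability numbers, the valid mask, the structures and the helper are hypothetical stand-ins for the KVM definitions; only the shape of the switch cases follows the patch. The real kernel left `r` uninitialized on the success path (undefined behaviour), which cannot be asserted on, so the "before" version starts `r` at a recognisable sentinel to make the stale return value observable.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Added example, not kernel code. CAP_* numbers, the mask and the structs are
 * constructed stand-ins for the uapi/linux/kvm.h definitions.
 */
#define CAP_EXIT_HYPERCALL            1
#define CAP_EXIT_ON_EMULATION_FAILURE 2
#define EXIT_HYPERCALL_VALID_MASK     (1ULL << 12)   /* assumption: one valid bit */

/* Stand-in for stack garbage: the kernel left r uninitialized; here it starts
 * as a sentinel so the stale value is observable rather than undefined. */
#define STALE_SENTINEL  (-12345)

struct vm_state {
    uint64_t hypercall_exit_enabled;
    uint64_t exit_on_emulation_error;
};

struct enable_cap_req {
    uint32_t cap;
    uint64_t args[4];
};

/* Control flow as it stood after the botched merge: the success path of
 * CAP_EXIT_HYPERCALL breaks out of the switch without ever assigning r. */
int enable_cap_before_fix(struct vm_state *vm, const struct enable_cap_req *req)
{
    int r = STALE_SENTINEL;

    switch (req->cap) {
    case CAP_EXIT_HYPERCALL:
        if (req->args[0] & ~EXIT_HYPERCALL_VALID_MASK) {
            r = -EINVAL;
            break;
        }
        vm->hypercall_exit_enabled = req->args[0];
        break;                        /* bug: r is never set to 0 here */
    case CAP_EXIT_ON_EMULATION_FAILURE:
        vm->exit_on_emulation_error = req->args[0];
        r = 0;
        break;
    default:
        r = -EINVAL;
        break;
    }
    return r;
}

/* Control flow after the patch: r is pessimistically set to -EINVAL before
 * validation and only becomes 0 once the state change has been applied, so
 * every path out of the case assigns it. */
int enable_cap_after_fix(struct vm_state *vm, const struct enable_cap_req *req)
{
    int r;

    switch (req->cap) {
    case CAP_EXIT_HYPERCALL:
        r = -EINVAL;
        if (req->args[0] & ~EXIT_HYPERCALL_VALID_MASK)
            break;
        vm->hypercall_exit_enabled = req->args[0];
        r = 0;
        break;
    case CAP_EXIT_ON_EMULATION_FAILURE:
        vm->exit_on_emulation_error = req->args[0];
        r = 0;
        break;
    default:
        r = -EINVAL;
        break;
    }
    return r;
}

/* Hypothetical helper: apply one request to a fresh VM state through fn,
 * optionally copy the resulting state out, and return fn's result. */
int apply_to_fresh_vm(int (*fn)(struct vm_state *, const struct enable_cap_req *),
                      uint32_t cap, uint64_t arg0, struct vm_state *out)
{
    struct vm_state vm = {0};
    struct enable_cap_req req = { .cap = cap, .args = { arg0, 0, 0, 0 } };
    int r = fn(&vm, &req);

    if (out)
        *out = vm;
    return r;
}
```

The observable difference is confined to the valid-argument path of CAP_EXIT_HYPERCALL: both versions reject unknown bits with -EINVAL and both apply the state change, but only the fixed version reports success to the caller, which is exactly why an ioctl user checking the return value would otherwise see a bogus error after the capability had in fact been enabled.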