| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Oct 2022 18:39:57 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: kbuild@...ts.01.org, Oliver Upton <oupton@...gle.com>,
lkp@...el.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [kbuild] arch/x86/kvm/x86.c:4988 kvm_arch_tsc_set_attr() warn:
check for integer overflow 'offset'
On Mon, Oct 10, 2022, Dan Carpenter wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 493ffd6605b2d3d4dc7008ab927dba319f36671f
> commit: 828ca89628bfcb1b8f27535025f69dd00eb55207 KVM: x86: Expose TSC offset controls to userspace
> config: x86_64-randconfig-m001-20221010
> compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@...el.com>
> | Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> smatch warnings:
> arch/x86/kvm/x86.c:4988 kvm_arch_tsc_set_attr() warn: check for integer overflow 'offset'
>
> vim +/offset +4988 arch/x86/kvm/x86.c
>
> 828ca89628bfcb Oliver Upton 2021-09-16 4962 static int kvm_arch_tsc_set_attr(struct kvm_vcpu *vcpu,
> 828ca89628bfcb Oliver Upton 2021-09-16 4963 struct kvm_device_attr *attr)
> 828ca89628bfcb Oliver Upton 2021-09-16 4964 {
> 828ca89628bfcb Oliver Upton 2021-09-16 4965 u64 __user *uaddr = (u64 __user *)(unsigned long)attr->addr;
> 828ca89628bfcb Oliver Upton 2021-09-16 4966 struct kvm *kvm = vcpu->kvm;
> 828ca89628bfcb Oliver Upton 2021-09-16 4967 int r;
> 828ca89628bfcb Oliver Upton 2021-09-16 4968
> 828ca89628bfcb Oliver Upton 2021-09-16 4969 if ((u64)(unsigned long)uaddr != attr->addr)
> 828ca89628bfcb Oliver Upton 2021-09-16 4970 return -EFAULT;
> 828ca89628bfcb Oliver Upton 2021-09-16 4971
> 828ca89628bfcb Oliver Upton 2021-09-16 4972 switch (attr->attr) {
> 828ca89628bfcb Oliver Upton 2021-09-16 4973 case KVM_VCPU_TSC_OFFSET: {
> 828ca89628bfcb Oliver Upton 2021-09-16 4974 u64 offset, tsc, ns;
> 828ca89628bfcb Oliver Upton 2021-09-16 4975 unsigned long flags;
> 828ca89628bfcb Oliver Upton 2021-09-16 4976 bool matched;
> 828ca89628bfcb Oliver Upton 2021-09-16 4977
> 828ca89628bfcb Oliver Upton 2021-09-16 4978 r = -EFAULT;
> 828ca89628bfcb Oliver Upton 2021-09-16 4979 if (get_user(offset, uaddr))
> 828ca89628bfcb Oliver Upton 2021-09-16 4980 break;
> 828ca89628bfcb Oliver Upton 2021-09-16 4981
> 828ca89628bfcb Oliver Upton 2021-09-16 4982 raw_spin_lock_irqsave(&kvm->arch.tsc_write_lock, flags);
> 828ca89628bfcb Oliver Upton 2021-09-16 4983
> 828ca89628bfcb Oliver Upton 2021-09-16 4984 matched = (vcpu->arch.virtual_tsc_khz &&
> 828ca89628bfcb Oliver Upton 2021-09-16 4985 kvm->arch.last_tsc_khz == vcpu->arch.virtual_tsc_khz &&
> 828ca89628bfcb Oliver Upton 2021-09-16 4986 kvm->arch.last_tsc_offset == offset);
> 828ca89628bfcb Oliver Upton 2021-09-16 4987
> 828ca89628bfcb Oliver Upton 2021-09-16 @4988 tsc = kvm_scale_tsc(vcpu, rdtsc(), vcpu->arch.l1_tsc_scaling_ratio) + offset;
>
> Smatch hates obvious user triggerable integer overflows... No checking
> on offset.
This is ok, and even necessary, e.g. if the host TSC > guest TSC. Is there anything
we can do in KVM to help Smatch avoid false positives? Or do you/Smatch already
maintain a list of known false positives?
Powered by blists - more mailing lists