| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ce11001e-dbe5-8694-71a5-841f4d614456@arm.com>
Date: Wed, 8 Feb 2023 11:51:30 +0000
From: Steven Price <steven.price@....com>
To: Cornelia Huck <cohuck@...hat.com>, Gavin Shan <gshan@...hat.com>,
Thomas Huth <thuth@...hat.com>, kvm@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>
Cc: kvmarm@...ts.linux.dev, linux-kernel@...r.kernel.org,
kvm-riscv@...ts.infradead.org, Marc Zyngier <maz@...nel.org>,
James Morse <james.morse@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Oliver Upton <oliver.upton@...ux.dev>,
Zenghui Yu <yuzenghui@...wei.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Janosch Frank <frankja@...ux.ibm.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
David Hildenbrand <david@...hat.com>,
linuxppc-dev@...ts.ozlabs.org, Eric Auger <eric.auger@...hat.com>
Subject: Re: [PATCH 6/7] KVM: arm64: Change return type of
kvm_vm_ioctl_mte_copy_tags() to "int"
On 08/02/2023 08:49, Cornelia Huck wrote:
> On Wed, Feb 08 2023, Gavin Shan <gshan@...hat.com> wrote:
>
>> On 2/7/23 9:09 PM, Thomas Huth wrote:
>>> Oh, drat, I thought I had checked all return statements ... this must have fallen through the cracks, sorry!
>>>
>>> Anyway, this is already a problem now: The function is called from kvm_arch_vm_ioctl() (which still returns a long), which in turn is called from kvm_vm_ioctl() in virt/kvm/kvm_main.c. And that functions stores the return value in an "int r" variable. So the upper bits are already lost there.
Sorry about that, I was caught out by kvm_arch_vm_ioctl() returning long...
>>> Also, how is this supposed to work from user space? The normal "ioctl()" libc function just returns an "int" ? Is this ioctl already used in a userspace application somewhere? ... at least in QEMU, I didn't spot it yet...
>>>
>
> We will need it in QEMU to implement migration with MTE (the current
> proposal simply adds a migration blocker when MTE is enabled, as there
> are various other things that need to be figured out for this to work.)
> But maybe other VMMs already use it (and have been lucky because they
> always dealt with shorter lengths?)
>
>>
>> The ioctl command KVM_ARM_MTE_COPY_TAGS was merged recently and not used
>> by QEMU yet. I think struct kvm_arm_copy_mte_tags::length needs to be
>> '__u32' instead of '__u64' in order to standardize the return value.
>> Something like below. Documentation/virt/kvm/api.rst::section-4.130
>> needs update accordingly.
>>
>> struct kvm_arm_copy_mte_tags {
>> __u64 guest_ipa;
>> __u32 pad;
>> __u32 length;
>> void __user *addr;
>> __u64 flags;
>> __u64 reserved[2];
>> };
>
> Can we do this in a more compatible way, as we are dealing with an API?
> Like returning -EINVAL if length is too big?
>
I agree the simplest fix for the problem is simply to reject any
lengths>INT_MAX:
diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
index cf4c495a4321..94aed7ce85c4 100644
--- a/arch/arm64/kvm/guest.c
+++ b/arch/arm64/kvm/guest.c
@@ -1032,6 +1032,13 @@ long kvm_vm_ioctl_mte_copy_tags(struct kvm *kvm,
if (copy_tags->flags & ~KVM_ARM_TAGS_FROM_GUEST)
return -EINVAL;
+ /*
+ * ioctl returns int, so lengths above INT_MAX cannot be
+ * represented in the return value
+ */
+ if (length > INT_MAX)
+ return -EINVAL;
+
if (length & ~PAGE_MASK || guest_ipa & ~PAGE_MASK)
return -EINVAL;
This could also be fixed in a useable way by including a new flag which
returns the length in an output field of the ioctl structure. I'm
guessing a 2GB limit would be annoying to work around.
Steve
Powered by blists - more mailing lists