| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Feb 2024 16:58:20 +0800
From: WANG Xuerui <kernel@...0n.name>
To: Paolo Bonzini <pbonzini@...hat.com>,
Huacai Chen <chenhuacai@...nel.org>
Cc: Tianrui Zhao <zhaotianrui@...ngson.cn>,
Bibo Mao <maobibo@...ngson.cn>,
kvm@...r.kernel.org,
loongarch@...ts.linux.dev,
linux-kernel@...r.kernel.org,
WANG Xuerui <git@...0n.name>
Subject: [PATCH for-6.8 v3 1/3] LoongArch: KVM: Fix input validation of _kvm_get_cpucfg and kvm_check_cpucfg
From: WANG Xuerui <git@...0n.name>
The range check for the CPUCFG ID is wrong (should have been a ||
instead of &&); it is conceptually simpler to just express the check
as another case of the switch statement on the ID. As it turns out to be
the case, the userland (currently only the QEMU/KVM target code) expects
to set CPUCFG IDs 0 to 20 inclusive, but only CPUCFG2 values are being
validated.
Furthermore, the juggling of the temp return value is unnecessary,
because it is semantically equivalent and more readable to just
return at every switch case's end. This is done too to avoid potential
bugs in the future related to the unwanted complexity.
Also, the return value of _kvm_get_cpucfg is meant to be checked, but
this was not done, so bad CPUCFG IDs wrongly fall back to the default
case and 0 is incorrectly returned; check the return value to fix the
UAPI behavior.
While at it, also remove the redundant range check in kvm_check_cpucfg,
because out-of-range CPUCFG IDs are already rejected by the -EINVAL
as returned by _kvm_get_cpucfg.
Fixes: db1ecca22edf ("LoongArch: KVM: Add LSX (128bit SIMD) support")
Signed-off-by: WANG Xuerui <git@...0n.name>
---
arch/loongarch/kvm/vcpu.c | 33 +++++++++++++++------------------
1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/arch/loongarch/kvm/vcpu.c b/arch/loongarch/kvm/vcpu.c
index 27701991886d..56da0881fc94 100644
--- a/arch/loongarch/kvm/vcpu.c
+++ b/arch/loongarch/kvm/vcpu.c
@@ -300,11 +300,6 @@ static int _kvm_setcsr(struct kvm_vcpu *vcpu, unsigned int id, u64 val)
static int _kvm_get_cpucfg(int id, u64 *v)
{
- int ret = 0;
-
- if (id < 0 && id >= KVM_MAX_CPUCFG_REGS)
- return -EINVAL;
-
switch (id) {
case 2:
/* Return CPUCFG2 features which have been supported by KVM */
@@ -324,31 +319,33 @@ static int _kvm_get_cpucfg(int id, u64 *v)
if (cpu_has_lasx)
*v |= CPUCFG2_LASX;
- break;
+ return 0;
+ case 0 ... 1:
+ case 3 ... KVM_MAX_CPUCFG_REGS - 1:
+ /* no restrictions on other CPUCFG IDs' values */
+ *v = U64_MAX;
+ return 0;
default:
- ret = -EINVAL;
- break;
+ return -EINVAL;
}
- return ret;
}
static int kvm_check_cpucfg(int id, u64 val)
{
- u64 mask;
- int ret = 0;
-
- if (id < 0 && id >= KVM_MAX_CPUCFG_REGS)
- return -EINVAL;
+ u64 mask = 0;
+ int ret;
- if (_kvm_get_cpucfg(id, &mask))
+ ret = _kvm_get_cpucfg(id, &mask);
+ if (ret)
return ret;
+ if (val & ~mask)
+ /* Unsupported features should not be set */
+ return -EINVAL;
+
switch (id) {
case 2:
/* CPUCFG2 features checking */
- if (val & ~mask)
- /* The unsupported features should not be set */
- ret = -EINVAL;
else if (!(val & CPUCFG2_LLFTP))
/* The LLFTP must be set, as guest must has a constant timer */
ret = -EINVAL;
--
2.43.0
Powered by blists - more mailing lists