lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Feb 2024 11:03:05 +0800
From: maobibo <maobibo@...ngson.cn>
To: WANG Xuerui <kernel@...0n.name>, Paolo Bonzini <pbonzini@...hat.com>,
 Huacai Chen <chenhuacai@...nel.org>
Cc: Tianrui Zhao <zhaotianrui@...ngson.cn>, kvm@...r.kernel.org,
 loongarch@...ts.linux.dev, linux-kernel@...r.kernel.org,
 WANG Xuerui <git@...0n.name>
Subject: Re: [PATCH for-6.8 v3 1/3] LoongArch: KVM: Fix input validation of
 _kvm_get_cpucfg and kvm_check_cpucfg

Hi Xuerui,

Good catch, and thank for your patch.

On 2024/2/16 下午4:58, WANG Xuerui wrote:
> From: WANG Xuerui <git@...0n.name>
> 
> The range check for the CPUCFG ID is wrong (should have been a ||
> instead of &&); it is conceptually simpler to just express the check
> as another case of the switch statement on the ID. As it turns out to be
> the case, the userland (currently only the QEMU/KVM target code) expects
> to set CPUCFG IDs 0 to 20 inclusive, but only CPUCFG2 values are being
> validated.
> 
> Furthermore, the juggling of the temp return value is unnecessary,
> because it is semantically equivalent and more readable to just
> return at every switch case's end. This is done too to avoid potential
> bugs in the future related to the unwanted complexity.
> 
> Also, the return value of _kvm_get_cpucfg is meant to be checked, but
> this was not done, so bad CPUCFG IDs wrongly fall back to the default
> case and 0 is incorrectly returned; check the return value to fix the
> UAPI behavior.
> 
> While at it, also remove the redundant range check in kvm_check_cpucfg,
> because out-of-range CPUCFG IDs are already rejected by the -EINVAL
> as returned by _kvm_get_cpucfg.
> 
> Fixes: db1ecca22edf ("LoongArch: KVM: Add LSX (128bit SIMD) support")
> Signed-off-by: WANG Xuerui <git@...0n.name>
> ---
>   arch/loongarch/kvm/vcpu.c | 33 +++++++++++++++------------------
>   1 file changed, 15 insertions(+), 18 deletions(-)
> 
> diff --git a/arch/loongarch/kvm/vcpu.c b/arch/loongarch/kvm/vcpu.c
> index 27701991886d..56da0881fc94 100644
> --- a/arch/loongarch/kvm/vcpu.c
> +++ b/arch/loongarch/kvm/vcpu.c
> @@ -300,11 +300,6 @@ static int _kvm_setcsr(struct kvm_vcpu *vcpu, unsigned int id, u64 val)
>   
>   static int _kvm_get_cpucfg(int id, u64 *v)
>   {
> -	int ret = 0;
> -
> -	if (id < 0 && id >= KVM_MAX_CPUCFG_REGS)
> -		return -EINVAL;
> -
yes, it had better be removed since the same thing is done in function 
kvm_check_cpucfg().

>   	switch (id) {
>   	case 2:
>   		/* Return CPUCFG2 features which have been supported by KVM */
> @@ -324,31 +319,33 @@ static int _kvm_get_cpucfg(int id, u64 *v)
>   		if (cpu_has_lasx)
>   			*v |= CPUCFG2_LASX;
>   
> -		break;
> +		return 0;
> +	case 0 ... 1:
> +	case 3 ... KVM_MAX_CPUCFG_REGS - 1:
> +		/* no restrictions on other CPUCFG IDs' values */
> +		*v = U64_MAX;
> +		return 0;
how about something like this?
	default:
		/* no restrictions on other CPUCFG IDs' values */
		*v = U64_MAX;
		return 0;

Regards
Bibo Mao
>   	default:
> -		ret = -EINVAL;
> -		break;
> +		return -EINVAL;
>   	}
> -	return ret;
>   }
>   
>   static int kvm_check_cpucfg(int id, u64 val)
>   {
> -	u64 mask;
> -	int ret = 0;
> -
> -	if (id < 0 && id >= KVM_MAX_CPUCFG_REGS)
> -		return -EINVAL;
> +	u64 mask = 0;
> +	int ret;
>   
> -	if (_kvm_get_cpucfg(id, &mask))
> +	ret = _kvm_get_cpucfg(id, &mask);
> +	if (ret)
>   		return ret;
>   
> +	if (val & ~mask)
> +		/* Unsupported features should not be set */
> +		return -EINVAL;
> +
>   	switch (id) {
>   	case 2:
>   		/* CPUCFG2 features checking */
> -		if (val & ~mask)
> -			/* The unsupported features should not be set */
> -			ret = -EINVAL;
>   		else if (!(val & CPUCFG2_LLFTP))
>   			/* The LLFTP must be set, as guest must has a constant timer */
>   			ret = -EINVAL;
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ