| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z2-j6ZCQbvfNP4z5@linux.dev> Date: Fri, 27 Dec 2024 23:09:00 -0800 From: Oliver Upton <oliver.upton@...ux.dev> To: Steven Davis <goldside000@...look.com> Cc: "maz@...nel.org" <maz@...nel.org>, "catalin.marinas@....com" <catalin.marinas@....com>, "will@...nel.org" <will@...nel.org>, "joey.gouly@....com" <joey.gouly@....com>, "suzuki.poulose@....com" <suzuki.poulose@....com>, "yuzenghui@...wei.com" <yuzenghui@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "kvmarm@...ts.linux.dev" <kvmarm@...ts.linux.dev>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] arm64: kvm: Fix potential overflow in len On Sat, Dec 28, 2024 at 02:01:27AM +0000, Steven Davis wrote: > The MMIO sign-extension logic in kvm_handle_mmio_return can > trigger an integer overflow or undefined behavior when len > is invalid (e.g., len == 0 or len exceeds the size of unsigned > long). Specifically, the expression (len * 8) - 1 may result > in an out-of-bounds shift in the computation of the mask. I don't believe we need this. len is known to be nonzero and at most 8, which is already being tested for in the existing condition. See the definition of kvm_vcpu_dabt_get_as() if you're curious why that is. -- Thanks, Oliver
Powered by blists - more mailing lists