| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHTA-uZK_1A1tNa_GWzy010C32wN=6ePoAp0hGZ7FToRsyr4iA@mail.gmail.com>
Date: Thu, 6 Feb 2025 19:38:12 -0600
From: Mitchell Augustin <mitchell.augustin@...onical.com>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, peterx@...hat.com,
clg@...hat.com
Subject: Re: [PATCH 1/5] vfio/type1: Catch zero from pin_user_pages_remote()
Reviewed-by: "Mitchell Augustin" <mitchell.augustin@...onical.com>
Tested-by: "Mitchell Augustin" <mitchell.augustin@...onical.com>
On Wed, Feb 5, 2025 at 5:18 PM Alex Williamson
<alex.williamson@...hat.com> wrote:
>
> pin_user_pages_remote() can currently return zero for invalid args
> or zero nr_pages, neither of which should ever happen. However
> vaddr_get_pfns() indicates it should only ever return a positive
> value or -errno and there's a theoretical case where this can slip
> through and be unhandled by callers. Therefore convert zero to
> -EFAULT.
>
> Signed-off-by: Alex Williamson <alex.williamson@...hat.com>
> ---
> drivers/vfio/vfio_iommu_type1.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index 50ebc9593c9d..119cf886d8c0 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -564,6 +564,8 @@ static int vaddr_get_pfns(struct mm_struct *mm, unsigned long vaddr,
> if (ret > 0) {
> *pfn = page_to_pfn(pages[0]);
> goto done;
> + } else if (!ret) {
> + ret = -EFAULT;
> }
>
> vaddr = untagged_addr_remote(mm, vaddr);
> --
> 2.47.1
>
--
Mitchell Augustin
Software Engineer - Ubuntu Partner Engineering
Powered by blists - more mailing lists