From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org
Subject: Re: [PATCH v3 02/12] KVM: x86: Introduce allow list for MSR emulation
Date: Mon, 31 Aug 2020 13:39:33 +0300
Message-ID: <20200831103933.GF8299@kadam>
In-Reply-To: <20200818211533.849501-3-aaronlewis@google.com>

Hi Aaron,

url:    https://github.com/0day-ci/linux/commits/Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next
config: x86_64-randconfig-m001-20200827 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
arch/x86/kvm/x86.c:5248 kvm_vm_ioctl_add_msr_allowlist() error: 'bitmap' dereferencing possible ERR_PTR()

# https://github.com/0day-ci/linux/commit/107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903
git checkout 107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a
vim +/bitmap +5248 arch/x86/kvm/x86.c

107c87325cf461 Aaron Lewis 2020-08-18  5181  static int kvm_vm_ioctl_add_msr_allowlist(struct kvm *kvm, void __user *argp)
107c87325cf461 Aaron Lewis 2020-08-18  5182  {
107c87325cf461 Aaron Lewis 2020-08-18  5183  	struct msr_bitmap_range *ranges = kvm->arch.msr_allowlist_ranges;
107c87325cf461 Aaron Lewis 2020-08-18  5184  	struct kvm_msr_allowlist __user *user_msr_allowlist = argp;
107c87325cf461 Aaron Lewis 2020-08-18  5185  	struct msr_bitmap_range range;
107c87325cf461 Aaron Lewis 2020-08-18  5186  	struct kvm_msr_allowlist kernel_msr_allowlist;
107c87325cf461 Aaron Lewis 2020-08-18  5187  	unsigned long *bitmap = NULL;
107c87325cf461 Aaron Lewis 2020-08-18  5188  	size_t bitmap_size;
107c87325cf461 Aaron Lewis 2020-08-18  5189  	int r = 0;
107c87325cf461 Aaron Lewis 2020-08-18  5190  
107c87325cf461 Aaron Lewis 2020-08-18  5191  	if (copy_from_user(&kernel_msr_allowlist, user_msr_allowlist,
107c87325cf461 Aaron Lewis 2020-08-18  5192  			   sizeof(kernel_msr_allowlist))) {
107c87325cf461 Aaron Lewis 2020-08-18  5193  		r = -EFAULT;
107c87325cf461 Aaron Lewis 2020-08-18  5194  		goto out;
107c87325cf461 Aaron Lewis 2020-08-18  5195  	}
107c87325cf461 Aaron Lewis 2020-08-18  5196  
107c87325cf461 Aaron Lewis 2020-08-18  5197  	bitmap_size = BITS_TO_LONGS(kernel_msr_allowlist.nmsrs) * sizeof(long);
                                                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
On 32 bit systems the BITS_TO_LONGS() can integer overflow if
kernel_msr_allowlist.nmsrs is larger than ULONG_MAX - bits_per_long.  In
that case bitmap_size is zero.

107c87325cf461 Aaron Lewis 2020-08-18  5198  	if (bitmap_size > KVM_MSR_ALLOWLIST_MAX_LEN) {
107c87325cf461 Aaron Lewis 2020-08-18  5199  		r = -EINVAL;
107c87325cf461 Aaron Lewis 2020-08-18  5200  		goto out;
107c87325cf461 Aaron Lewis 2020-08-18  5201  	}
107c87325cf461 Aaron Lewis 2020-08-18  5202  
107c87325cf461 Aaron Lewis 2020-08-18  5203  	bitmap = memdup_user(user_msr_allowlist->bitmap, bitmap_size);
107c87325cf461 Aaron Lewis 2020-08-18  5204  	if (IS_ERR(bitmap)) {
107c87325cf461 Aaron Lewis 2020-08-18  5205  		r = PTR_ERR(bitmap);
107c87325cf461 Aaron Lewis 2020-08-18  5206  		goto out;
                                                        ^^^^^^^^
"out" is always a vague label name.  It's better style to return
directly instead of doing a complicated no-op.

	if (IS_ERR(bitmap))
		return PTR_ERR(bitmap);

107c87325cf461 Aaron Lewis 2020-08-18  5207  	}
107c87325cf461 Aaron Lewis 2020-08-18  5208  
107c87325cf461 Aaron Lewis 2020-08-18  5209  	range = (struct msr_bitmap_range) {
107c87325cf461 Aaron Lewis 2020-08-18  5210  		.flags = kernel_msr_allowlist.flags,
107c87325cf461 Aaron Lewis 2020-08-18  5211  		.base = kernel_msr_allowlist.base,
107c87325cf461 Aaron Lewis 2020-08-18  5212  		.nmsrs = kernel_msr_allowlist.nmsrs,
107c87325cf461 Aaron Lewis 2020-08-18  5213  		.bitmap = bitmap,

In case of overflow then "bitmap" is 0x16 and .nmsrs is a very high
number.

107c87325cf461 Aaron Lewis 2020-08-18  5214  	};
107c87325cf461 Aaron Lewis 2020-08-18  5215  
107c87325cf461 Aaron Lewis 2020-08-18  5216  	if (range.flags & ~(KVM_MSR_ALLOW_READ | KVM_MSR_ALLOW_WRITE)) {
107c87325cf461 Aaron Lewis 2020-08-18  5217  		r = -EINVAL;
107c87325cf461 Aaron Lewis 2020-08-18  5218  		goto out;
107c87325cf461 Aaron Lewis 2020-08-18  5219  	}
107c87325cf461 Aaron Lewis 2020-08-18  5220  
107c87325cf461 Aaron Lewis 2020-08-18  5221  	/*
107c87325cf461 Aaron Lewis 2020-08-18  5222  	 * Protect from concurrent calls to this function that could trigger
107c87325cf461 Aaron Lewis 2020-08-18  5223  	 * a TOCTOU violation on kvm->arch.msr_allowlist_ranges_count.
107c87325cf461 Aaron Lewis 2020-08-18  5224  	 */
107c87325cf461 Aaron Lewis 2020-08-18  5225  	mutex_lock(&kvm->lock);
107c87325cf461 Aaron Lewis 2020-08-18  5226  
107c87325cf461 Aaron Lewis 2020-08-18  5227  	if (kvm->arch.msr_allowlist_ranges_count >=
107c87325cf461 Aaron Lewis 2020-08-18  5228  	    ARRAY_SIZE(kvm->arch.msr_allowlist_ranges)) {
107c87325cf461 Aaron Lewis 2020-08-18  5229  		r = -E2BIG;
107c87325cf461 Aaron Lewis 2020-08-18  5230  		goto out_locked;
107c87325cf461 Aaron Lewis 2020-08-18  5231  	}
107c87325cf461 Aaron Lewis 2020-08-18  5232  
107c87325cf461 Aaron Lewis 2020-08-18  5233  	if (msr_range_overlaps(kvm, &range)) {
107c87325cf461 Aaron Lewis 2020-08-18  5234  		r = -EINVAL;
107c87325cf461 Aaron Lewis 2020-08-18  5235  		goto out_locked;
107c87325cf461 Aaron Lewis 2020-08-18  5236  	}
107c87325cf461 Aaron Lewis 2020-08-18  5237  
107c87325cf461 Aaron Lewis 2020-08-18  5238  	/* Everything ok, add this range identifier to our global pool */
107c87325cf461 Aaron Lewis 2020-08-18  5239  	ranges[kvm->arch.msr_allowlist_ranges_count] = range;
107c87325cf461 Aaron Lewis 2020-08-18  5240  	/* Make sure we filled the array before we tell anyone to walk it */
107c87325cf461 Aaron Lewis 2020-08-18  5241  	smp_wmb();
107c87325cf461 Aaron Lewis 2020-08-18  5242  	kvm->arch.msr_allowlist_ranges_count++;
107c87325cf461 Aaron Lewis 2020-08-18  5243  
107c87325cf461 Aaron Lewis 2020-08-18  5244  out_locked:
107c87325cf461 Aaron Lewis 2020-08-18  5245  	mutex_unlock(&kvm->lock);
107c87325cf461 Aaron Lewis 2020-08-18  5246  out:
107c87325cf461 Aaron Lewis 2020-08-18  5247  	if (r)
107c87325cf461 Aaron Lewis 2020-08-18 @5248  		kfree(bitmap);
107c87325cf461 Aaron Lewis 2020-08-18  5249  
107c87325cf461 Aaron Lewis 2020-08-18  5250  	return r;
107c87325cf461 Aaron Lewis 2020-08-18  5251  }
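
Review bot: the flags check at 5216 runs only after memdup_user() at 5203 has copied the bitmap, so a request with invalid flags allocates and then frees through out:. Moving that check up next to copy_from_user() lets every failure before the allocation return directly, and with the IS_ERR() branch at 5204 also returning directly, kfree(bitmap) at 5248 is reached only with a pointer that memdup_user() returned successfully.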

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 43464 bytes --]
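
The 32-bit wrap-around described in the report above, as an added example (not code from the e-mail or the patch): unsigned long is modelled with uint32_t so it behaves the same on a 64-bit host, and EXAMPLE_MAX_LEN is a constructed stand-in for KVM_MSR_ALLOWLIST_MAX_LEN, whose value the page does not give. size_checked() is one possible guard, assumed here, that bounds nmsrs before the rounding arithmetic.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model a 32-bit "unsigned long" with uint32_t so the wrap shows on any host. */
typedef uint32_t ulong32;
#define BITS_PER_LONG32 32u
#define SIZEOF_LONG32   4u
/* Constructed stand-in for KVM_MSR_ALLOWLIST_MAX_LEN; the page gives no value. */
#define EXAMPLE_MAX_LEN 0x600u

/* Same rounding as BITS_TO_LONGS(): (nr + BITS_PER_LONG - 1) / BITS_PER_LONG. */
static ulong32 bits_to_longs32(ulong32 nr)
{
	return (ulong32)(nr + (BITS_PER_LONG32 - 1u)) / BITS_PER_LONG32;
}

/* Size check shaped like lines 5197-5201 of the quoted function. */
static int size_unchecked(ulong32 nmsrs, ulong32 *size)
{
	*size = bits_to_longs32(nmsrs) * SIZEOF_LONG32;
	return *size > EXAMPLE_MAX_LEN ? -EINVAL : 0;
}

/* Assumed guard (not from the patch): bound the bit count before rounding it. */
static int size_checked(ulong32 nmsrs, ulong32 *size)
{
	if (nmsrs > EXAMPLE_MAX_LEN * 8u)
		return -EINVAL;
	*size = bits_to_longs32(nmsrs) * SIZEOF_LONG32;
	return 0;
}

int main(void)
{
	/* Constructed inputs: a normal count, the last non-wrapping count, two wrapping ones. */
	const ulong32 samples[] = { 64u, 0xFFFFFFE0u, 0xFFFFFFE1u, 0xFFFFFFFFu };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		ulong32 a = 0, b = 0;
		int ra = size_unchecked(samples[i], &a);
		int rb = size_checked(samples[i], &b);

		printf("nmsrs=0x%08x  unchecked: r=%d size=%u  checked: r=%d size=%u\n",
		       (unsigned)samples[i], ra, (unsigned)a, rb, (unsigned)b);
	}
	return 0;
}
```

For the wrapping inputs the unchecked path returns 0 with a zero-byte size while nmsrs still describes billions of bits, which is the mismatch between the copied bitmap and .nmsrs that the report points at.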
