From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Jing Zhang <jingzhangos@google.com>, Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 5.15.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
Date: Wed, 4 Dec 2024 17:12:01 -0500
Message-ID: <20241204162659-0bcfabea852bef0e@stable.kernel.org>
In-Reply-To: <20241204202340.2717420-1-jingzhangos@google.com>
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022
Status in newer kernel trees:
6.12.y | Not found
6.11.y | Not found
6.6.y | Not found
6.1.y | Not found
5.15.y | Not found
Note: The patch differs from the upstream commit:
---
1: 7fe28d7e68f92 ! 1: e7bc6980df78e KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
@@ Metadata
## Commit message ##
KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
+ commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream.
+
In all the vgic_its_save_*() functinos, they do not check whether
the data length is 8 bytes before calling vgic_write_guest_lock.
This patch adds the check. To prevent the kernel from being blown up
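Review bot: the commit message gains only the "commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream." line, yet the code hunks that follow differ from upstream: every write goes through kvm_write_guest_lock instead of vgic_write_guest_lock, and vgic.h gains an include of asm/kvm_mmu.h. A short bracketed backport note in the commit message naming that substitution would tell stable reviewers the deviation is intentional and not a conflict-resolution slip.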
@@ arch/arm64/kvm/vgic/vgic-its.c: static int vgic_its_save_ite(struct vgic_its *it
((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
ite->collection->collection_id;
val = cpu_to_le64(val);
-- return vgic_write_guest_lock(kvm, gpa, &val, ite_esz);
+- return kvm_write_guest_lock(kvm, gpa, &val, ite_esz);
+
+ return vgic_its_write_entry_lock(its, gpa, val, ite_esz);
}
@@ arch/arm64/kvm/vgic/vgic-its.c: static int vgic_its_save_dte(struct vgic_its *it
(itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) |
(dev->num_eventid_bits - 1));
val = cpu_to_le64(val);
-- return vgic_write_guest_lock(kvm, ptr, &val, dte_esz);
+- return kvm_write_guest_lock(kvm, ptr, &val, dte_esz);
+
+ return vgic_its_write_entry_lock(its, ptr, val, dte_esz);
}
@@ arch/arm64/kvm/vgic/vgic-its.c: static int vgic_its_save_cte(struct vgic_its *it
((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) |
collection->collection_id);
val = cpu_to_le64(val);
-- return vgic_write_guest_lock(its->dev->kvm, gpa, &val, esz);
+- return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz);
+
+ return vgic_its_write_entry_lock(its, gpa, val, esz);
}
- /*
+ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz)
@@ arch/arm64/kvm/vgic/vgic-its.c: static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz)
u64 val;
int ret;
@@ arch/arm64/kvm/vgic/vgic-its.c: static int vgic_its_save_collection_table(struct
*/
- val = 0;
- BUG_ON(cte_esz > sizeof(val));
-- ret = vgic_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz);
+- ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz);
- return ret;
+ return vgic_its_write_entry_lock(its, gpa, 0, cte_esz);
}
- /*
+ /**
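Review bot: in vgic_its_save_collection_table the removed guard was BUG_ON(cte_esz > sizeof(val)), which tolerated entry sizes below 8 bytes, while the helper that replaces it rejects any size where esize != sizeof(eval) and returns -EINVAL. Please confirm that cte_esz is always exactly 8 for the ABI revisions present in 5.15.y, so that writing the terminating zero entry cannot start failing after this backport, and consider a one-line comment at the call site stating that assumption.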
## arch/arm64/kvm/vgic/vgic.h ##
-@@ arch/arm64/kvm/vgic/vgic.h: static inline int vgic_write_guest_lock(struct kvm *kvm, gpa_t gpa,
- return ret;
+@@
+ #define __KVM_ARM_VGIC_NEW_H__
+
+ #include <linux/irqchip/arm-gic-common.h>
++#include <asm/kvm_mmu.h>
+
+ #define PRODUCT_ID_KVM 0x4b /* ASCII code K */
+ #define IMPLEMENTER_ARM 0x43b
+@@ arch/arm64/kvm/vgic/vgic.h: static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq)
+ return vgic_irq_get_lr_count(irq) > 1;
}
+static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr,
@@ arch/arm64/kvm/vgic/vgic.h: static inline int vgic_write_guest_lock(struct kvm *
+ if (KVM_BUG_ON(esize != sizeof(eval), kvm))
+ return -EINVAL;
+
-+ return vgic_write_guest_lock(kvm, eaddr, &eval, esize);
++ return kvm_write_guest_lock(kvm, eaddr, &eval, esize);
+}
+
/*
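Review bot: vgic_its_write_entry_lock in vgic.h now depends on kvm_write_guest_lock, which is the reason for the new asm/kvm_mmu.h include at the top of the header, but nothing in the helper documents why a size other than 8 bytes is treated as a bug via KVM_BUG_ON(esize != sizeof(eval), kvm). A brief comment above the helper stating that ITS table entries are expected to be exactly sizeof(u64) and that a mismatch returns -EINVAL would make the check self-explanatory. The body of vgic_its_read_entry_lock is not visible in this range-diff, so it is worth checking that it received the matching kvm_*_guest_lock substitution.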
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-5.15.y | Success | Success |
Thread overview: 7+ messages
2024-12-04 20:23 [PATCH 5.15.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jing Zhang
2024-12-04 20:23 ` [PATCH 5.15.y 2/3] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang
2024-12-04 22:11 ` Sasha Levin
2024-12-04 20:23 ` [PATCH 5.15.y 3/3] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Jing Zhang
2024-12-04 22:11 ` Sasha Levin
2024-12-04 22:12 ` Sasha Levin [this message]
2024-12-06 0:48 ` [PATCH 5.15.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Oliver Upton