From: Marc Zyngier <maz@kernel.org>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.linux.dev>,
	ARMLinux <linux-arm-kernel@lists.infradead.org>,
	Oliver Upton <oupton@google.com>, Joey Gouly <joey.gouly@arm.com>,
	Zenghui Yu <yuzenghui@huawei.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Kunkun Jiang <jiangkunkun@huawei.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Andre Przywara <andre.przywara@arm.com>,
	Colton Lewis <coltonlewis@google.com>,
	Raghavendra Rao Ananta <rananta@google.com>,
	Shusen Li <lishusen2@huawei.com>
Subject: Re: [PATCH v3 1/4] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
Date: Wed, 06 Nov 2024 12:03:34 +0000
Message-ID: <86cyj81sdl.wl-maz@kernel.org>
In-Reply-To: <20241106083035.2813799-2-jingzhangos@google.com>

On Wed, 06 Nov 2024 08:30:32 +0000,
Jing Zhang <jingzhangos@google.com> wrote:
> 
> From: Kunkun Jiang <jiangkunkun@huawei.com>
> 
> In all the vgic_its_save_*() functions, they do not check whether
> the data length is 8 bytes before calling vgic_write_guest_lock.
> This patch adds the check. To prevent the kernel from being blown up
> when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s
> are replaced together.
> 
> Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
>  arch/arm64/kvm/vgic/vgic-its.c | 21 +++++++++++++++++++--
>  1 file changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c
> index ba945ba78cc7..2381bc5ce544 100644
> --- a/arch/arm64/kvm/vgic/vgic-its.c
> +++ b/arch/arm64/kvm/vgic/vgic-its.c
> @@ -2095,6 +2095,10 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev,
>  	       ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
>  		ite->collection->collection_id;
>  	val = cpu_to_le64(val);
> +
> +	if (KVM_BUG_ON(ite_esz != sizeof(val), kvm))
> +		return -EINVAL;
> +
>  	return vgic_write_guest_lock(kvm, gpa, &val, ite_esz);
>  }
>  
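Review bot: the new `KVM_BUG_ON(ite_esz != sizeof(val), kvm)` check sits after `val` has already been assembled and byte-swapped; moving it to the top of vgic_its_save_ite(), ahead of the shifts and `cpu_to_le64(val)`, keeps the failure path from doing pointless work and makes it clear that the check guards the entry-size argument rather than the value. It would also help to say in the commit message why -EINVAL is the right return for what is an internal invariant violation, since KVM_BUG_ON() already flags the VM as bugged and the error will be propagated up the save path to userspace.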
> @@ -2250,6 +2254,10 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev,
>  	       (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) |
>  		(dev->num_eventid_bits - 1));
>  	val = cpu_to_le64(val);
> +
> +	if (KVM_BUG_ON(dte_esz != sizeof(val), kvm))
> +		return -EINVAL;
> +
>  	return vgic_write_guest_lock(kvm, ptr, &val, dte_esz);
>  }
>  
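Review bot: this check is a verbatim copy of the one added to vgic_its_save_ite() with `dte_esz` swapped in, and the commit message says the cte path gets one too; rather than repeating `if (KVM_BUG_ON(*_esz != sizeof(val), kvm)) return -EINVAL;` in each save function, consider a small helper around vgic_write_guest_lock() that takes the expected size and performs the check once, so the three copies cannot drift apart, and have the return value documented where that helper is defined.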
> @@ -2431,12 +2439,17 @@ static int vgic_its_save_cte(struct vgic_its *its,
>  			     struct its_collection *collection,
>  			     gpa_t gpa, int esz)
>  {
> +	struct kvm *kvm = its->dev->kvm;

nit: just use its->dev->kvm consistently, as this is what we are
already doing in this function.

	M.

-- 
Without deviation from the norm, progress is not possible.
