From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id F16A0146D6B;
	Sat, 28 Dec 2024 10:07:50 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1735380471; cv=none; b=W5i24GMKyLLrnBk5RXXMzD5POP/0Axij91OSPvXEZPUvnyRiaFhkuVm3HUaU8xsrlMXpEYvxDQdHH25D+F5bHiEnkdOd58GTKSvyBG16mDP1AJb/jwoR1/gyj0vxoAv0KWJG0ClTwaqNwTl8mhfYvyH+LYXi3DMmASG2AzkL8eY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1735380471; c=relaxed/simple;
	bh=YLgD9eimGEFiztCLYuVJVZB87yEhKC50Hf8bnQfMVHA=;
	h=Date:Message-ID:From:To:Cc:Subject:In-Reply-To:References:
	 MIME-Version:Content-Type; b=JquyThghVTKgMMxjMdkFMo/n3QwCyeqSvPxNkqiQzmeKQgSqUXl1ky1YLL66c9D7BG9J67Z3MliGnD//q7e/dXuK1V2o570c6iOU2242cCUCMX7j145cP7JmUyMQecQR3jVPpJek21vqBSi3/e4iRFv14kZi4Ete3KuKNzB+GJw=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PVkxFkW/; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PVkxFkW/"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A70CC4CECD;
	Sat, 28 Dec 2024 10:07:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1735380470;
	bh=YLgD9eimGEFiztCLYuVJVZB87yEhKC50Hf8bnQfMVHA=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=PVkxFkW/RQ5Mz+51SY5V7br71skXrRCzCH785yUeFXKbZuawZECj52Lri4gSCev9K
	 jtm0ffLDnGci9QiCTkVNCMtCO/EY1X7EAOpp698yoq/+k/v6XaBkeGv8swIqY/I3bW
	 v7lo218YUeylrxjV/MzNCm4e1C1pQOedYuIpddqFMe8Wv4PXR/CuQicOn76E/ALTK4
	 VD8xu1/sWCPs1ge9/EZfVsIRtBv2G/Iwrtg5lfszIReOqm8ZztEnIYEe4Das7BUReu
	 OoM6PFcjs+7bpqpudTeoLLl9wD6VtVeAiKJmkACiv85VhBkICpWrAMZPwcHdrSTl4W
	 jPO4peHwpaTAQ==
Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org)
	by disco-boy.misterjones.org with esmtpsa  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.95)
	(envelope-from <maz@kernel.org>)
	id 1tRTjY-007NEB-1n;
	Sat, 28 Dec 2024 10:07:48 +0000
Date: Sat, 28 Dec 2024 10:07:47 +0000
Message-ID: <86jzbkp1cc.wl-maz@kernel.org>
From: Marc Zyngier <maz@kernel.org>
To: Steven Davis <goldside000@outlook.com>
Cc: "oliver.upton@linux.dev"
	<oliver.upton@linux.dev>,
	"catalin.marinas@arm.com"
	<catalin.marinas@arm.com>,
	"will@kernel.org" <will@kernel.org>,
	"joey.gouly@arm.com" <joey.gouly@arm.com>,
	"suzuki.poulose@arm.com"
	<suzuki.poulose@arm.com>,
	"yuzenghui@huawei.com" <yuzenghui@huawei.com>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"kvmarm@lists.linux.dev"
	<kvmarm@lists.linux.dev>,
	"linux-kernel@vger.kernel.org"
	<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] arm64: kvm: Fix potential overflow in len
In-Reply-To: <20241228020119.12379-1-goldside000@outlook.com>
References: <20241228020119.12379-1-goldside000@outlook.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue)
 FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/29.4
 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO)
Precedence: bulk
X-Mailing-List: kvmarm@lists.linux.dev
List-Id: <kvmarm.lists.linux.dev>
List-Subscribe: <mailto:kvmarm+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:kvmarm+unsubscribe@lists.linux.dev>
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-SA-Exim-Connect-IP: 185.219.108.64
X-SA-Exim-Rcpt-To: goldside000@outlook.com, oliver.upton@linux.dev, catalin.marinas@arm.com, will@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org
X-SA-Exim-Mail-From: maz@kernel.org
X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false

On Sat, 28 Dec 2024 02:01:27 +0000,
Steven Davis <goldside000@outlook.com> wrote:
> 
> The MMIO sign-extension logic in kvm_handle_mmio_return can
> trigger an integer overflow or undefined behavior when len
> is invalid (e.g., len == 0 or len exceeds the size of unsigned
> long). Specifically, the expression (len * 8) - 1 may result
> in an out-of-bounds shift in the computation of the mask.
> 
> This patch adds validation to ensure len is greater than
> 0 and less than the size of unsigned long before performing
> the sign-extension logic. If len falls outside this range,
> the problematic logic is skipped, preventing potential issues.

I'd be curious to understand how you came to this conclusion, given
how len is computed. If anything, we could *remove* some of the
checks, rather than adding additional ones.

Also, "skipping" things is rarely an acceptable behaviour when
emulating hardware behaviour.

	M.

-- 
Without deviation from the norm, progress is not possible.