From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Sean Christopherson <seanjc@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 01/11] KVM: selftests: Fix out-of-bounds reads in CPUID test's array lookups
Date: Fri, 04 Oct 2024 10:22:40 +0200
Message-ID: <874j5sjmzz.fsf@redhat.com>
In-Reply-To: <20241003234337.273364-2-seanjc@google.com>

Sean Christopherson <seanjc@google.com> writes:

> When looking for a "mangled", i.e. dynamic, CPUID entry, terminate the
> walk based on the number of array _entries_, not the size in bytes of
> the array.  Iterating based on the total size of the array can result in
> false passes, e.g. if the random data beyond the array happens to match
> a CPUID entry's function and index.
>
> Fixes: fb18d053b7f8 ("selftest: kvm: x86: test KVM_GET_CPUID2 and guest visible CPUIDs against KVM_GET_SUPPORTED_CPUID")
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  tools/testing/selftests/kvm/x86_64/cpuid_test.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/kvm/x86_64/cpuid_test.c b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> index 8c579ce714e9..fec03b11b059 100644
> --- a/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> +++ b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> @@ -60,7 +60,7 @@ static bool is_cpuid_mangled(const struct kvm_cpuid_entry2 *entrie)
>  {
>  	int i;
>  
> -	for (i = 0; i < sizeof(mangled_cpuids); i++) {
> +	for (i = 0; i < ARRAY_SIZE(mangled_cpuids); i++) {
>  		if (mangled_cpuids[i].function == entrie->function &&
>  		    mangled_cpuids[i].index == entrie->index)
>  			return true;
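
Review bot: the loop index `i` in is_cpuid_mangled() is still declared `int`, while the new bound ARRAY_SIZE(mangled_cpuids) is an unsigned size_t, so the `i < ARRAY_SIZE(mangled_cpuids)` condition mixes signedness; declaring it `size_t i` (or `unsigned int i`) would match the bound and keep -Wsign-compare quiet. The changelog could also state the scale of the old overrun: sizeof(mangled_cpuids) counts bytes, so the walk ran past the last entry by a factor of the element size rather than by one or two slots. Separately, the parameter name `entrie` visible in the hunk header looks like a typo for `entry` and could be cleaned up in a follow-up.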

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>

-- 
Vitaly


Thread overview: 26+ messages
2024-10-03 23:43 [PATCH 00/11] KVM: selftests: AVX support + fixes Sean Christopherson
2024-10-03 23:43 ` [PATCH 01/11] KVM: selftests: Fix out-of-bounds reads in CPUID test's array lookups Sean Christopherson
2024-10-04  8:22   ` Vitaly Kuznetsov [this message]
2024-10-03 23:43 ` [PATCH 02/11] KVM: selftests: Precisely mask off dynamic fields in CPUID test Sean Christopherson
2024-10-04  9:02   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 03/11] KVM: selftests: Mask off OSPKE and OSXSAVE when comparing CPUID entries Sean Christopherson
2024-10-04  9:02   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 04/11] KVM: selftests: Rework OSXSAVE CR4=>CPUID test to play nice with AVX insns Sean Christopherson
2024-10-04  9:02   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 05/11] KVM: selftests: Configure XCR0 to max supported value by default Sean Christopherson
2024-10-04  9:01   ` Vitaly Kuznetsov
2024-10-04 13:35     ` Sean Christopherson
2024-10-03 23:43 ` [PATCH 06/11] KVM: selftests: Verify XCR0 can be "downgraded" and "upgraded" Sean Christopherson
2024-10-04  9:04   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 07/11] KVM: selftests: Drop manual CR4.OSXSAVE enabling from CR4/CPUID sync test Sean Christopherson
2024-10-04  9:05   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 08/11] KVM: selftests: Drop manual XCR0 configuration from AMX test Sean Christopherson
2024-10-04  9:09   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 09/11] KVM: selftests: Drop manual XCR0 configuration from state test Sean Christopherson
2024-10-04  9:10   ` Vitaly Kuznetsov
2024-10-03 23:43 ` [PATCH 10/11] KVM: selftests: Drop manual XCR0 configuration from SEV smoke test Sean Christopherson
2024-10-03 23:43 ` [PATCH 11/11] KVM: selftests: Ensure KVM supports AVX for SEV-ES VMSA FPU test Sean Christopherson
2024-10-04  9:14   ` Vitaly Kuznetsov
2024-10-20 11:28 ` [PATCH 00/11] KVM: selftests: AVX support + fixes Paolo Bonzini
2024-10-31 19:51 ` Sean Christopherson
2024-11-01 19:31   ` Sean Christopherson
