From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Michael Roth <michael.roth@amd.com>, kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
	linux-kernel@vger.kernel.org,
	Michael Roth <michael.roth@amd.com.com>
Subject: Re: [PATCH] KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl
Date: Thu, 28 Jan 2021 09:36:09 +0100
Message-ID: <87a6st31c6.fsf@vitty.brq.redhat.com>
In-Reply-To: <20210128024451.1816770-1-michael.roth@amd.com>

Michael Roth <michael.roth@amd.com> writes:

> Recent commit 255cbecfe0 modified struct kvm_vcpu_arch to make
> 'cpuid_entries' a pointer to an array of kvm_cpuid_entry2 entries
> rather than embedding the array in the struct. KVM_SET_CPUID and
> KVM_SET_CPUID2 were updated accordingly, but KVM_GET_CPUID2 was missed.
>
> As a result, KVM_GET_CPUID2 currently returns random fields from struct
> kvm_vcpu_arch to userspace rather than the expected CPUID values. Fix
> this by treating 'cpuid_entries' as a pointer when copying its
> contents to the userspace buffer.
>
> Fixes: 255cbecfe0c9 ("KVM: x86: allocate vcpu->arch.cpuid_entries dynamically")
> Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Michael Roth <michael.roth@amd.com.com>
> ---
>  arch/x86/kvm/cpuid.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 13036cf0b912..38172ca627d3 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -321,7 +321,7 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
>  	if (cpuid->nent < vcpu->arch.cpuid_nent)
>  		goto out;
>  	r = -EFAULT;
> -	if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
> +	if (copy_to_user(entries, vcpu->arch.cpuid_entries,
>  			 vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
>  		goto out;
>  	return 0;
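Review bot: The one-line change is correct, and the hunk also shows why the regression was invisible: copy_to_user() takes a `const void *` source, so after 'cpuid_entries' became a pointer the old `&vcpu->arch.cpuid_entries` still compiled silently, copying `cpuid_nent * sizeof(struct kvm_cpuid_entry2)` bytes of struct kvm_vcpu_arch itself to userspace instead of the entries. Since neither the compiler nor the existing tests caught it, it would be worth pairing this fix with a selftest that sets entries via KVM_SET_CPUID2 and compares what KVM_GET_CPUID2 returns, so any future change to the field's representation trips the test rather than disclosing vcpu state to userspace.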

This is embarrassing but I have a (possible) excuse: copy_to_user's
argument is 'void *' so no warning was produced. Surprisingly, no test
caught the breakage. Thanks for debugging and fixing!

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>

-- 
Vitaly
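Added illustration (not code from the patch or the kernel): a userspace model of the bug class in the message above, showing why a `const void *` copy sink hides the `&ptr` versus `ptr` mistake and what a round-trip regression test catches. The struct layout, field names and CPUID values are constructed; `copy_to_user_sim` stands in for copy_to_user().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for struct kvm_cpuid_entry2 (a subset of its fields). */
struct cpuid_entry { uint32_t function, index, eax, ebx, ecx, edx; };

/* Layout after 'cpuid_entries' became a pointer: other vcpu state sits next
 * to it (neighbouring field names are constructed for this example). */
struct vcpu_arch {
	uint64_t state_before;              /* kernel-only state */
	struct cpuid_entry *cpuid_entries;  /* now a pointer to a separate array */
	int cpuid_nent;
	uint64_t state_after;               /* more kernel-only state */
};

/* Stand-in for copy_to_user(): the 'const void *' source is why passing
 * '&arch->cpuid_entries' instead of 'arch->cpuid_entries' compiles silently. */
static int copy_to_user_sim(void *to, const void *from, size_t n)
{
	memcpy(to, from, n);
	return 0;
}

#define NENT 2

/* Simulated KVM_GET_CPUID2 handler. 'buggy' uses the pre-fix source address
 * (the pointer field itself). The struct lives inside 'backing' so the
 * over-read stays in bounds here; in the kernel it reads whatever follows. */
static int get_cpuid2(const unsigned char *backing, struct cpuid_entry *user,
		      int user_nent, int buggy)
{
	struct vcpu_arch arch;
	memcpy(&arch, backing, sizeof(arch));
	if (user_nent < arch.cpuid_nent)
		return -1;                      /* -E2BIG in the real handler */
	const void *src = buggy ? (const void *)(backing + offsetof(struct vcpu_arch, cpuid_entries))
				: (const void *)arch.cpuid_entries;
	return copy_to_user_sim(user, src, arch.cpuid_nent * sizeof(struct cpuid_entry));
}

/* Regression check of the kind that would have caught the bug: install known
 * entries, fetch them back, compare. Returns 1 when the round trip matches. */
int cpuid2_roundtrip_ok(int buggy)
{
	struct cpuid_entry real[NENT] = { {0, 0, 0xd, 0x756e6547, 0x6c65746e, 0x49656e69},
					  {1, 0, 0x906ea, 0, 0, 0} };   /* constructed values */
	unsigned char backing[sizeof(struct vcpu_arch) + NENT * sizeof(struct cpuid_entry)];
	struct vcpu_arch arch = { 0x1111222233334444ull, real, NENT, 0x5555666677778888ull };
	struct cpuid_entry got[NENT];
	memset(backing, 0xaa, sizeof(backing));   /* stands for adjacent kernel memory */
	memcpy(backing, &arch, sizeof(arch));
	if (get_cpuid2(backing, got, NENT, buggy) != 0)
		return 0;
	return memcmp(got, real, sizeof(real)) == 0;
}
```

With `buggy` set, the buffer returned to "userspace" holds the pointer value, `cpuid_nent` and the neighbouring fields rather than the entries, which is exactly the disclosure the round-trip comparison detects.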

