[bug report] KVM: SVM: Add KVM_SEND_UPDATE_DATA command

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dan Carpenter <dan.carpenter@oracle.com>
To: brijesh.singh@amd.com
Cc: kvm@vger.kernel.org
Subject: [bug report] KVM: SVM: Add KVM_SEND_UPDATE_DATA command
Date: Thu, 29 Apr 2021 10:20:10 +0300	[thread overview]
Message-ID: <YIpeKpSB7Wqkqn9f@mwanda> (raw)

Hello Brijesh Singh,

The patch d3d1af85e2c7: "KVM: SVM: Add KVM_SEND_UPDATE_DATA command"
from Apr 15, 2021, leads to the following static checker warning:

arch/x86/kvm/svm/sev.c:1268 sev_send_update_data() warn: 'guest_page' is an error pointer or valid
arch/x86/kvm/svm/sev.c:1316 sev_send_update_data() warn: maybe return -EFAULT instead of the bytes remaining?
arch/x86/kvm/svm/sev.c:1462 sev_receive_update_data() warn: 'guest_page' is an error pointer or valid

arch/x86/kvm/svm/sev.c
  1261          offset = params.guest_uaddr & (PAGE_SIZE - 1);
  1262          if ((params.guest_len + offset > PAGE_SIZE))
  1263                  return -EINVAL;
  1264  
  1265          /* Pin guest memory */
  1266          guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
  1267                                      PAGE_SIZE, &n, 0);
  1268          if (!guest_page)

The sev_pin_memory() function returns error pointers, not NULL.

  1269                  return -EFAULT;
  1270  
  1271          /* allocate memory for header and transport buffer */
  1272          ret = -ENOMEM;
  1273          hdr = kmalloc(params.hdr_len, GFP_KERNEL_ACCOUNT);
  1274          if (!hdr)
  1275                  goto e_unpin;
  1276  
  1277          trans_data = kmalloc(params.trans_len, GFP_KERNEL_ACCOUNT);
  1278          if (!trans_data)
  1279                  goto e_free_hdr;
  1280  
  1281          memset(&data, 0, sizeof(data));
  1282          data.hdr_address = __psp_pa(hdr);
  1283          data.hdr_len = params.hdr_len;
  1284          data.trans_address = __psp_pa(trans_data);
  1285          data.trans_len = params.trans_len;
  1286  
  1287          /* The SEND_UPDATE_DATA command requires C-bit to be always set. */
  1288          data.guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset;
  1289          data.guest_address |= sev_me_mask;
  1290          data.guest_len = params.guest_len;
  1291          data.handle = sev->handle;
  1292  
  1293          ret = sev_issue_cmd(kvm, SEV_CMD_SEND_UPDATE_DATA, &data, &argp->error);
  1294  
  1295          if (ret)
  1296                  goto e_free_trans_data;
  1297  
  1298          /* copy transport buffer to user space */
  1299          if (copy_to_user((void __user *)(uintptr_t)params.trans_uaddr,
  1300                           trans_data, params.trans_len)) {
  1301                  ret = -EFAULT;
  1302                  goto e_free_trans_data;
  1303          }
  1304  
  1305          /* Copy packet header to userspace. */
  1306          ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr,
  1307                                  params.hdr_len);

This should be:
		 if (copy_to_user(...))
			ret = -EFAULT;

  1308  
  1309  e_free_trans_data:
  1310          kfree(trans_data);
  1311  e_free_hdr:
  1312          kfree(hdr);
  1313  e_unpin:
  1314          sev_unpin_memory(kvm, guest_page, n);
  1315  
  1316          return ret;
  1317  }

[ snip ]

  1456          data.trans_len = params.trans_len;
  1457  
  1458          /* Pin guest memory */
  1459          ret = -EFAULT;
  1460          guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
  1461                                      PAGE_SIZE, &n, 0);
  1462          if (!guest_page)

IS_ERR(guest_page) here as well.

  1463                  goto e_free_trans;
  1464  
  1465          /* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. */
  1466          data.guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset;
  1467          data.guest_address |= sev_me_mask;
  1468          data.guest_len = params.guest_len;
  1469          data.handle = sev->handle;
  1470  

regards,
dan carpenter

next             reply	other threads:[~2021-04-29  7:21 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-29  7:20 Dan Carpenter [this message]
2021-05-06 18:09 ` [bug report] KVM: SVM: Add KVM_SEND_UPDATE_DATA command Sean Christopherson
2021-05-07  5:01   ` Dan Carpenter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YIpeKpSB7Wqkqn9f@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=brijesh.singh@amd.com \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.