[GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Oliver Upton]

Hi Paolo,

Here is v2 of the last batch of fixes for 6.3 (for real this time!)

Details in the tag, but the noteworthy addition is Dan's fix for a
rather obvious buffer overflow when writing to a firmware register.

Please pull,

Oliver

The following changes since commit e81625218bf7986ba1351a98c43d346b15601d26:

  KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs (2023-04-04 15:52:06 +0000)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git tags/kvmarm-fixes-6.3-4

for you to fetch changes up to a25bc8486f9c01c1af6b6c5657234b2eee2c39d6:

  KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (2023-04-19 15:22:37 +0000)

----------------------------------------------------------------
KVM/arm64 fixes for 6.3, part #4

 - Plug a buffer overflow due to the use of the user-provided register
   width for firmware regs. Outright reject accesses where the
   user register width does not match the kernel representation.

 - Protect non-atomic RMW operations on vCPU flags against preemption,
   as an update to the flags by an intervening preemption could be lost.

----------------------------------------------------------------
Dan Carpenter (1):
      KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()

Marc Zyngier (1):
      KVM: arm64: Make vcpu flag updates non-preemptible

 arch/arm64/include/asm/kvm_host.h | 19 ++++++++++++++++++-
 arch/arm64/kvm/hypercalls.c       |  2 ++
 2 files changed, 20 insertions(+), 1 deletion(-)

Re: [GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Paolo Bonzini]

On 4/19/23 17:54, Oliver Upton wrote:
> Hi Paolo,
> 
> Here is v2 of the last batch of fixes for 6.3 (for real this time!)
> 
> Details in the tag, but the noteworthy addition is Dan's fix for a
> rather obvious buffer overflow when writing to a firmware register.
> 
> Please pull,
> 
> Oliver
> 
> The following changes since commit e81625218bf7986ba1351a98c43d346b15601d26:
> 
>    KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs (2023-04-04 15:52:06 +0000)
> 
> are available in the Git repository at:
> 
>    git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm.git tags/kvmarm-fixes-6.3-4
> 
> for you to fetch changes up to a25bc8486f9c01c1af6b6c5657234b2eee2c39d6:
> 
>    KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (2023-04-19 15:22:37 +0000)

Pulled, thanks.

Paolo

> 
> ----------------------------------------------------------------
> KVM/arm64 fixes for 6.3, part #4
> 
>   - Plug a buffer overflow due to the use of the user-provided register
>     width for firmware regs. Outright reject accesses where the
>     user register width does not match the kernel representation.
> 
>   - Protect non-atomic RMW operations on vCPU flags against preemption,
>     as an update to the flags by an intervening preemption could be lost.
> 
> ----------------------------------------------------------------
> Dan Carpenter (1):
>        KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
> 
> Marc Zyngier (1):
>        KVM: arm64: Make vcpu flag updates non-preemptible
> 
>   arch/arm64/include/asm/kvm_host.h | 19 ++++++++++++++++++-
>   arch/arm64/kvm/hypercalls.c       |  2 ++
>   2 files changed, 20 insertions(+), 1 deletion(-)
> 

Re: [GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Paolo Bonzini]

On 4/19/23 17:54, Oliver Upton wrote:
> Hi Paolo,
> 
> Here is v2 of the last batch of fixes for 6.3 (for real this time!)
> 
> Details in the tag, but the noteworthy addition is Dan's fix for a
> rather obvious buffer overflow when writing to a firmware register.

At least going by the Fixes tag, I think this one should have been Cc'd 
to stable as well.  Can you send it next week or would you like someone 
else to handle the backport?

Thanks,

Paolo

Re: [GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Marc Zyngier]

On 2023-04-22 00:51, Paolo Bonzini wrote:
> On 4/19/23 17:54, Oliver Upton wrote:
>> Hi Paolo,
>> 
>> Here is v2 of the last batch of fixes for 6.3 (for real this time!)
>> 
>> Details in the tag, but the noteworthy addition is Dan's fix for a
>> rather obvious buffer overflow when writing to a firmware register.
> 
> At least going by the Fixes tag, I think this one should have been
> Cc'd to stable as well.  Can you send it next week or would you like
> someone else to handle the backport?

Indeed, that's missing. But yes, backports are definitely on
the cards, and we'll make sure all stable versions get fixed
as soon as the fix hits Linus' tree.

         M.
-- 
Jazz is not dead. It just smells funny...

Re: [GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Oliver Upton]

On Sat, Apr 22, 2023 at 10:05:38AM +0100, Marc Zyngier wrote:
> On 2023-04-22 00:51, Paolo Bonzini wrote:
> > On 4/19/23 17:54, Oliver Upton wrote:
> > > Hi Paolo,
> > > 
> > > Here is v2 of the last batch of fixes for 6.3 (for real this time!)
> > > 
> > > Details in the tag, but the noteworthy addition is Dan's fix for a
> > > rather obvious buffer overflow when writing to a firmware register.
> > 
> > At least going by the Fixes tag, I think this one should have been
> > Cc'd to stable as well.  Can you send it next week or would you like
> > someone else to handle the backport?

Thanks for spotting that, I had a mental note to do so, but my memory is
fleeting at best :)

> Indeed, that's missing. But yes, backports are definitely on
> the cards, and we'll make sure all stable versions get fixed
> as soon as the fix hits Linus' tree.

Between this last batch of fixes for 6.3 and the 6.4 pull we've accrued
quite a backlog of stable-worthy patches, many of them are likely to be
nontrivial backports.

I'll do the config_lock series, and I can pick up the firmware reg fix
if nobody else is handling that backport.

Are you going to take a stab at the vCPU flags fix?

-- 
Thanks,
Oliver

Re: [GIT PULL v2] KVM/arm64 fixes for 6.3, part #4

[Marc Zyngier]

On Sat, 22 Apr 2023 19:35:35 +0100,
Oliver Upton <oliver.upton@linux.dev> wrote:
> 
> On Sat, Apr 22, 2023 at 10:05:38AM +0100, Marc Zyngier wrote:
> > On 2023-04-22 00:51, Paolo Bonzini wrote:
> > > On 4/19/23 17:54, Oliver Upton wrote:
> > > > Hi Paolo,
> > > > 
> > > > Here is v2 of the last batch of fixes for 6.3 (for real this time!)
> > > > 
> > > > Details in the tag, but the noteworthy addition is Dan's fix for a
> > > > rather obvious buffer overflow when writing to a firmware register.
> > > 
> > > At least going by the Fixes tag, I think this one should have been
> > > Cc'd to stable as well.  Can you send it next week or would you like
> > > someone else to handle the backport?
> 
> Thanks for spotting that, I had a mental note to do so, but my memory is
> fleeting at best :)
> 
> > Indeed, that's missing. But yes, backports are definitely on
> > the cards, and we'll make sure all stable versions get fixed
> > as soon as the fix hits Linus' tree.
> 
> Between this last batch of fixes for 6.3 and the 6.4 pull we've accrued
> quite a backlog of stable-worthy patches, many of them are likely to be
> nontrivial backports.
> 
> I'll do the config_lock series, and I can pick up the firmware reg fix
> if nobody else is handling that backport.
> 
> Are you going to take a stab at the vCPU flags fix?

Yup, that's on my list. The backport will be easy down to 6.0, but way
more creative before that, as we don't have a proper flag management
infrastructure in older kernels.

Cheers,

	M.

-- 
Without deviation from the norm, progress is not possible.