From: Sean Christopherson <seanjc@google.com>
To: Mathias Krause <minipli@grsecurity.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, Emese Revfy <re.emese@gmail.com>,
PaX Team <pageexec@freemail.hu>
Subject: Re: [PATCH v3 1/5] KVM: Reject overly excessive IDs in KVM_CREATE_VCPU
Date: Tue, 18 Jun 2024 14:43:55 -0700
Message-ID: <ZnH_m_83ip2rdpbC@google.com>
In-Reply-To: <20240614202859.3597745-2-minipli@grsecurity.net>

On Fri, Jun 14, 2024, Mathias Krause wrote:
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 14841acb8b95..b04e87f6568f 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -4200,12 +4200,20 @@ static void kvm_create_vcpu_debugfs(struct kvm_vcpu *vcpu)
> /*
> * Creates some virtual cpus. Good luck creating more than one.
> */
> -static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id)
> +static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
> {
> int r;
> struct kvm_vcpu *vcpu;
> struct page *page;
>
> + /*
> + * KVM tracks vCPU IDs as 'int', be kind to userspace and reject
> + * too-large values instead of silently truncating.
> + *
> + * Also ensure we're not breaking this assumption by accidentally
> + * pushing KVM_MAX_VCPU_IDS above INT_MAX.

I tweaked this slightly because it's not just accidental changes we need to
guard against, and to "hint" that vcpu_id really should be an "unsigned int".

	/*
	 * KVM tracks vCPU IDs as 'int', be kind to userspace and reject
	 * too-large values instead of silently truncating.
	 *
	 * Ensure KVM_MAX_VCPU_IDS isn't pushed above INT_MAX without first
	 * changing the storage type (at the very least, IDs should be tracked
	 * as unsigned ints).
	 */

> + */
> + BUILD_BUG_ON(KVM_MAX_VCPU_IDS > INT_MAX);
> if (id >= KVM_MAX_VCPU_IDS)
> return -EINVAL;
>
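
Review bot: The `id >= KVM_MAX_VCPU_IDS` check on the widened `unsigned long id` parameter only sees the full userspace value if the KVM_CREATE_VCPU call site passes the ioctl argument through without narrowing, and that call site is not in this hunk. Please confirm the caller has no `u32` or `int` cast or temporary left over from the old `u32 id` signature, otherwise a too-large value is still truncated before it reaches the check. It would also help for the comment to say that, once the check passes, `id` is known to fit in an `int` because of `BUILD_BUG_ON(KVM_MAX_VCPU_IDS > INT_MAX)`, since that is what makes storing it in the 'int' ID the comment mentions safe.
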
> --
> 2.30.2
>