From: Sean Christopherson <seanjc@google.com>
To: Mathias Krause <minipli@grsecurity.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>, kvm@vger.kernel.org
Subject: Re: [PATCH v3 4/5] KVM: selftests: Test max vCPU IDs corner cases
Date: Tue, 18 Jun 2024 14:46:08 -0700 [thread overview]
Message-ID: <ZnIAIGJpErWhfHns@google.com> (raw)
In-Reply-To: <20240614202859.3597745-5-minipli@grsecurity.net>
On Fri, Jun 14, 2024, Mathias Krause wrote:
> The KVM_CREATE_VCPU ioctl ABI had an implicit integer truncation bug,
> allowing 2^32 aliases for a vCPU ID by setting the upper 32 bits of a 64
> bit ioctl() argument.
>
> It also allowed excluding a once set boot CPU ID.
>
> Verify this no longer works and gets rejected with an error.
>
> Signed-off-by: Mathias Krause <minipli@grsecurity.net>
> ---
> v3:
> - test BOOT_CPU_ID interaction too
>
> .../kvm/x86_64/max_vcpuid_cap_test.c | 22 +++++++++++++++++--
> 1 file changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c b/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
> index 3cc4b86832fe..c2da915201be 100644
> --- a/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
> +++ b/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
> @@ -26,19 +26,37 @@ int main(int argc, char *argv[])
> TEST_ASSERT(ret < 0,
> "Setting KVM_CAP_MAX_VCPU_ID beyond KVM cap should fail");
>
> + /* Test BOOT_CPU_ID interaction (MAX_VCPU_ID cannot be lower) */
> + if (kvm_has_cap(KVM_CAP_SET_BOOT_CPU_ID)) {
> + vm_ioctl(vm, KVM_SET_BOOT_CPU_ID, (void *)MAX_VCPU_ID);
> +
> + /* Try setting KVM_CAP_MAX_VCPU_ID below BOOT_CPU_ID */
> + ret = __vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID - 1);
> + TEST_ASSERT(ret < 0,
> + "Setting KVM_CAP_MAX_VCPU_ID below BOOT_CPU_ID should fail");
> + }
> +
> /* Set KVM_CAP_MAX_VCPU_ID */
> vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID);
>
> -
> /* Try to set KVM_CAP_MAX_VCPU_ID again */
> ret = __vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID + 1);
> TEST_ASSERT(ret < 0,
> "Setting KVM_CAP_MAX_VCPU_ID multiple times should fail");
>
> - /* Create vCPU with id beyond KVM_CAP_MAX_VCPU_ID cap*/
> + /* Create vCPU with id beyond KVM_CAP_MAX_VCPU_ID cap */
> ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)MAX_VCPU_ID);
> TEST_ASSERT(ret < 0, "Creating vCPU with ID > MAX_VCPU_ID should fail");
>
> + /* Create vCPU with id beyond UINT_MAX */
I changed this comment to
/* Create vCPU with bits 63:32 != 0, but an otherwise valid id */
mostly because it's specifically testing the bad truncation of the upper bits,
but also because I initially misinterpreted the intent and confused it with the
INT_MAX BUILD_BUG_ON().
> + ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)(1L << 32));
> + TEST_ASSERT(ret < 0, "Creating vCPU with ID > UINT_MAX should fail");
> +
> + /* Create vCPU with id within bounds */
> + ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)0);
> + TEST_ASSERT(ret >= 0, "Creating vCPU with ID 0 should succeed");
> +
> + close(ret);
> kvm_vm_free(vm);
> return 0;
> }
> --
> 2.30.2
>
next prev parent reply other threads:[~2024-06-18 21:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-14 20:28 [PATCH v3 0/5] KVM: Reject vCPU IDs above 2^32 Mathias Krause
2024-06-14 20:28 ` [PATCH v3 1/5] KVM: Reject overly excessive IDs in KVM_CREATE_VCPU Mathias Krause
2024-06-18 21:43 ` Sean Christopherson
2024-06-14 20:28 ` [PATCH v3 2/5] KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID Mathias Krause
2024-06-14 20:28 ` [PATCH v3 3/5] KVM: x86: Prevent excluding the BSP on setting max_vcpu_ids Mathias Krause
2024-06-14 20:28 ` [PATCH v3 4/5] KVM: selftests: Test max vCPU IDs corner cases Mathias Krause
2024-06-18 21:46 ` Sean Christopherson [this message]
2024-06-14 20:28 ` [PATCH v3 5/5] KVM: selftests: Test vCPU boot IDs above 2^32 Mathias Krause
2024-06-18 21:50 ` Sean Christopherson
2024-06-18 21:41 ` [PATCH v3 0/5] KVM: Reject vCPU " Sean Christopherson
2024-06-19 6:28 ` Mathias Krause
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZnIAIGJpErWhfHns@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).