From: Marc Zyngier <maz@kernel.org>
To: Steven Davis <goldside000@outlook.com>
Cc: "oliver.upton@linux.dev" <oliver.upton@linux.dev>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"will@kernel.org" <will@kernel.org>,
"joey.gouly@arm.com" <joey.gouly@arm.com>,
"suzuki.poulose@arm.com" <suzuki.poulose@arm.com>,
"yuzenghui@huawei.com" <yuzenghui@huawei.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] arm64: kvm: Fix potential overflow in len
Date: Sat, 28 Dec 2024 10:07:47 +0000 [thread overview]
Message-ID: <86jzbkp1cc.wl-maz@kernel.org> (raw)
In-Reply-To: <20241228020119.12379-1-goldside000@outlook.com>
On Sat, 28 Dec 2024 02:01:27 +0000,
Steven Davis <goldside000@outlook.com> wrote:
>
> The MMIO sign-extension logic in kvm_handle_mmio_return can
> trigger an integer overflow or undefined behavior when len
> is invalid (e.g., len == 0 or len exceeds the size of unsigned
> long). Specifically, the expression (len * 8) - 1 may result
> in an out-of-bounds shift in the computation of the mask.
>
> This patch adds validation to ensure len is greater than
> 0 and less than the size of unsigned long before performing
> the sign-extension logic. If len falls outside this range,
> the problematic logic is skipped, preventing potential issues.
I'd be curious to understand how you came to this conclusion, given
how len is computed. If anything, we could *remove* some of the
checks, rather than adding additional ones.
Also, "skipping" things is rarely an acceptable behaviour when
emulating hardware behaviour.
M.
--
Without deviation from the norm, progress is not possible.
prev parent reply other threads:[~2024-12-28 10:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-28 2:01 [PATCH] arm64: kvm: Fix potential overflow in len Steven Davis
2024-12-28 7:09 ` Oliver Upton
2024-12-28 10:07 ` Marc Zyngier [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86jzbkp1cc.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=goldside000@outlook.com \
--cc=joey.gouly@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).