Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8b8e57e509
linux-stable/virt/kvm
History
Mathias Krause 8b8e57e509 KVM: Reject overly excessive IDs in KVM_CREATE_VCPU 
If, on a 64 bit system, a vCPU ID is provided that has the upper 32 bits
set to a non-zero value, it may get accepted if the truncated to 32 bits
integer value is below KVM_MAX_VCPU_IDS and 'max_vcpus'. This feels very
wrong and triggered the reporting logic of PaX's SIZE_OVERFLOW plugin.

Instead of silently truncating and accepting such values, pass the full
value to kvm_vm_ioctl_create_vcpu() and make the existing limit checks
return an error.

Even if this is a userland ABI breaking change, no sane userland could
have ever relied on that behaviour.

Reported-by: PaX's SIZE_OVERFLOW plugin running on grsecurity's syzkaller
Fixes: 6aa8b732ca ("[PATCH] kvm: userspace interface")
Cc: Emese Revfy <re.emese@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240614202859.3597745-2-minipli@grsecurity.net
[sean: tweak comment about INT_MAX assertion]
Signed-off-by: Sean Christopherson <seanjc@google.com>
2024-06-18 08:59:16 -07:00
..
async_pf.c Revert "KVM: async_pf: avoid recursive flushing of work items" 2024-06-03 08:55:55 -07:00
async_pf.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 504 2019-06-19 17:09:56 +02:00
binary_stats.c KVM: stats: remove dead stores 2021-08-13 03:35:15 -04:00
coalesced_mmio.c KVM: destruct kvm_io_device while unregistering it from kvm_io_bus 2023-06-13 14:18:09 -07:00
coalesced_mmio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dirty_ring.c KVM: Allow arch code to track number of memslot address spaces per VM 2023-11-14 08:01:05 -05:00
eventfd.c Generic: 2024-01-17 13:03:37 -08:00
guest_memfd.c Generic: 2024-01-17 13:03:37 -08:00
irqchip.c KVM: Setup empty IRQ routing when creating a VM 2024-06-11 14:18:34 -07:00
Kconfig Merge branch 'kvm-kconfig' 2024-02-08 08:47:51 -05:00
kvm_main.c KVM: Reject overly excessive IDs in KVM_CREATE_VCPU 2024-06-18 08:59:16 -07:00
kvm_mm.h KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start() 2024-04-11 12:58:53 -07:00
Makefile.kvm KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for guest-specific backing memory 2023-11-14 08:01:03 -05:00
pfncache.c KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start() 2024-04-11 12:58:53 -07:00
vfio.c KVM: Treat the device list as an rculist 2024-04-25 13:19:55 +01:00
vfio.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00