mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-07 22:42:04 +00:00
Common KVM changes for 6.8:
- Use memdup_array_user() to harden against overflow. - Unconditionally advertise KVM_CAP_DEVICE_CTRL for all architectures. -----BEGIN PGP SIGNATURE----- iQJGBAABCgAwFiEEMHr+pfEFOIzK+KY1YJEiAU0MEvkFAmWW8F4SHHNlYW5qY0Bn b29nbGUuY29tAAoJEGCRIgFNDBL5urcP/Rex6Too26aHJXelUVHlFOGw3hfOnvbq Wr/P3kPqB/1Mncx3aiYTpEvUxFjVTvIkMB5dWba39Eq/G1BbOT2CAHCunlvKJrXy L83YgOl17QtZZJS1KmLTRCj1umfl4Z0c+GEIH+P1FOuOmllNXlLJ1+GWmolP6LLf u4DF2/tyVZf8JXXeJWYITHsU0YQQ0MhHgYL8/aMYJK8epNFpR3wKIqT3428ASxV3 Ru4WH7jpYkFF7PaKbvjKdepr+1wyVt4PXJDDpciCScz45/8eebgfylLJbMglpsR1 JSUTzd6KdCbekgzp51NnRdoIxP+MXgKA3dIuzXKyIDzm2Xq6tna87ve/aWDGw8JC nUMkP/vAuaKT+/QTOwskGAvK2GYDQD1UwVcFNLi12Iis50H0qPwcxsUionQuZgUC ykCmY4N31rSX4DhPg1WLiqsvC/EeDhfXprYrfSd4HQq08NgD45orRJw0Kov+shcS xijIlE1e3aVJMRrbfoSWyc4m79AcooxjYwojQC1Ayqsq0ZTTzzIpd6rqjmY+LbLL aP/wNz8hCfMhFekUV7dDk9rMdZY+bBnTiolyKAN66E6EnPYfl2EdrDEGnZOCPXF4 L/O/kMCXHE90cszzrmiR40yNHLkPelij8sK+ligE4JpqteQ7ia/knh8YAiPBxDw6 XcIfftXMm5XG =wpT4 -----END PGP SIGNATURE----- Merge tag 'kvm-x86-generic-6.8' of https://github.com/kvm-x86/linux into HEAD Common KVM changes for 6.8: - Use memdup_array_user() to harden against overflow. - Unconditionally advertise KVM_CAP_DEVICE_CTRL for all architectures.
This commit is contained in:
commit
fb872da8e7
@ -221,7 +221,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
|
|||||||
r = vgic_present;
|
r = vgic_present;
|
||||||
break;
|
break;
|
||||||
case KVM_CAP_IOEVENTFD:
|
case KVM_CAP_IOEVENTFD:
|
||||||
case KVM_CAP_DEVICE_CTRL:
|
|
||||||
case KVM_CAP_USER_MEMORY:
|
case KVM_CAP_USER_MEMORY:
|
||||||
case KVM_CAP_SYNC_MMU:
|
case KVM_CAP_SYNC_MMU:
|
||||||
case KVM_CAP_DESTROY_MEMORY_REGION_WORKS:
|
case KVM_CAP_DESTROY_MEMORY_REGION_WORKS:
|
||||||
|
@ -528,7 +528,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
|
|||||||
case KVM_CAP_ENABLE_CAP:
|
case KVM_CAP_ENABLE_CAP:
|
||||||
case KVM_CAP_ONE_REG:
|
case KVM_CAP_ONE_REG:
|
||||||
case KVM_CAP_IOEVENTFD:
|
case KVM_CAP_IOEVENTFD:
|
||||||
case KVM_CAP_DEVICE_CTRL:
|
|
||||||
case KVM_CAP_IMMEDIATE_EXIT:
|
case KVM_CAP_IMMEDIATE_EXIT:
|
||||||
case KVM_CAP_SET_GUEST_DEBUG:
|
case KVM_CAP_SET_GUEST_DEBUG:
|
||||||
r = 1;
|
r = 1;
|
||||||
|
@ -179,7 +179,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
|
|||||||
r = kvm_riscv_aia_available();
|
r = kvm_riscv_aia_available();
|
||||||
break;
|
break;
|
||||||
case KVM_CAP_IOEVENTFD:
|
case KVM_CAP_IOEVENTFD:
|
||||||
case KVM_CAP_DEVICE_CTRL:
|
|
||||||
case KVM_CAP_USER_MEMORY:
|
case KVM_CAP_USER_MEMORY:
|
||||||
case KVM_CAP_SYNC_MMU:
|
case KVM_CAP_SYNC_MMU:
|
||||||
case KVM_CAP_DESTROY_MEMORY_REGION_WORKS:
|
case KVM_CAP_DESTROY_MEMORY_REGION_WORKS:
|
||||||
|
@ -213,8 +213,8 @@ int kvm_s390_import_bp_data(struct kvm_vcpu *vcpu,
|
|||||||
else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT)
|
else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
bp_data = memdup_user(dbg->arch.hw_bp,
|
bp_data = memdup_array_user(dbg->arch.hw_bp, dbg->arch.nr_hw_bp,
|
||||||
sizeof(*bp_data) * dbg->arch.nr_hw_bp);
|
sizeof(*bp_data));
|
||||||
if (IS_ERR(bp_data))
|
if (IS_ERR(bp_data))
|
||||||
return PTR_ERR(bp_data);
|
return PTR_ERR(bp_data);
|
||||||
|
|
||||||
|
@ -563,7 +563,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
|
|||||||
case KVM_CAP_ENABLE_CAP:
|
case KVM_CAP_ENABLE_CAP:
|
||||||
case KVM_CAP_S390_CSS_SUPPORT:
|
case KVM_CAP_S390_CSS_SUPPORT:
|
||||||
case KVM_CAP_IOEVENTFD:
|
case KVM_CAP_IOEVENTFD:
|
||||||
case KVM_CAP_DEVICE_CTRL:
|
|
||||||
case KVM_CAP_S390_IRQCHIP:
|
case KVM_CAP_S390_IRQCHIP:
|
||||||
case KVM_CAP_VM_ATTRIBUTES:
|
case KVM_CAP_VM_ATTRIBUTES:
|
||||||
case KVM_CAP_MP_STATE:
|
case KVM_CAP_MP_STATE:
|
||||||
|
@ -469,7 +469,7 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
|
|||||||
return -E2BIG;
|
return -E2BIG;
|
||||||
|
|
||||||
if (cpuid->nent) {
|
if (cpuid->nent) {
|
||||||
e = vmemdup_user(entries, array_size(sizeof(*e), cpuid->nent));
|
e = vmemdup_array_user(entries, cpuid->nent, sizeof(*e));
|
||||||
if (IS_ERR(e))
|
if (IS_ERR(e))
|
||||||
return PTR_ERR(e);
|
return PTR_ERR(e);
|
||||||
|
|
||||||
@ -513,7 +513,7 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
|
|||||||
return -E2BIG;
|
return -E2BIG;
|
||||||
|
|
||||||
if (cpuid->nent) {
|
if (cpuid->nent) {
|
||||||
e2 = vmemdup_user(entries, array_size(sizeof(*e2), cpuid->nent));
|
e2 = vmemdup_array_user(entries, cpuid->nent, sizeof(*e2));
|
||||||
if (IS_ERR(e2))
|
if (IS_ERR(e2))
|
||||||
return PTR_ERR(e2);
|
return PTR_ERR(e2);
|
||||||
}
|
}
|
||||||
|
@ -4867,6 +4867,7 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
|
|||||||
#endif
|
#endif
|
||||||
case KVM_CAP_BINARY_STATS_FD:
|
case KVM_CAP_BINARY_STATS_FD:
|
||||||
case KVM_CAP_SYSTEM_EVENT_DATA:
|
case KVM_CAP_SYSTEM_EVENT_DATA:
|
||||||
|
case KVM_CAP_DEVICE_CTRL:
|
||||||
return 1;
|
return 1;
|
||||||
#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
|
#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
|
||||||
case KVM_CAP_MEMORY_ATTRIBUTES:
|
case KVM_CAP_MEMORY_ATTRIBUTES:
|
||||||
@ -5256,9 +5257,8 @@ static long kvm_vm_ioctl(struct file *filp,
|
|||||||
goto out;
|
goto out;
|
||||||
if (routing.nr) {
|
if (routing.nr) {
|
||||||
urouting = argp;
|
urouting = argp;
|
||||||
entries = vmemdup_user(urouting->entries,
|
entries = vmemdup_array_user(urouting->entries,
|
||||||
array_size(sizeof(*entries),
|
routing.nr, sizeof(*entries));
|
||||||
routing.nr));
|
|
||||||
if (IS_ERR(entries)) {
|
if (IS_ERR(entries)) {
|
||||||
r = PTR_ERR(entries);
|
r = PTR_ERR(entries);
|
||||||
goto out;
|
goto out;
|
||||||
|
Loading…
Reference in New Issue
Block a user