Skip to content

Commit

Permalink
Merge tag 'kvmarm-fixes-6.3-4' of git://git.kernel.org/pub/scm/linux/…
Browse files Browse the repository at this point in the history 
…kernel/git/kvmarm/kvmarm into HEAD

KVM/arm64 fixes for 6.3, part #4

 - Plug a buffer overflow due to the use of the user-provided register
   width for firmware regs. Outright reject accesses where the
   user register width does not match the kernel representation.

 - Protect non-atomic RMW operations on vCPU flags against preemption,
   as an update to the flags by an intervening preemption could be lost.
  • Loading branch information
@bonzini
bonzini committed Apr 21, 2023
2 parents 0bf9601 + a25bc84 commit 265b97c
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 1 deletion.
19 changes: 18 additions & 1 deletion arch/arm64/include/asm/kvm_host.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -576,19 +576,34 @@ struct kvm_vcpu_arch {
({ \
__build_check_flag(v, flagset, f, m); \
\
v->arch.flagset & (m); \
READ_ONCE(v->arch.flagset) & (m); \
})

/*
* Note that the set/clear accessors must be preempt-safe in order to
* avoid nesting them with load/put which also manipulate flags...
*/
#ifdef __KVM_NVHE_HYPERVISOR__
/* the nVHE hypervisor is always non-preemptible */
#define __vcpu_flags_preempt_disable()
#define __vcpu_flags_preempt_enable()
#else
#define __vcpu_flags_preempt_disable() preempt_disable()
#define __vcpu_flags_preempt_enable() preempt_enable()
#endif

#define __vcpu_set_flag(v, flagset, f, m) \
do { \
typeof(v->arch.flagset) *fset; \
\
__build_check_flag(v, flagset, f, m); \
\
fset = &v->arch.flagset; \
__vcpu_flags_preempt_disable(); \
if (HWEIGHT(m) > 1) \
*fset &= ~(m); \
*fset |= (f); \
__vcpu_flags_preempt_enable(); \
} while (0)

#define __vcpu_clear_flag(v, flagset, f, m) \
Expand All @@ -598,7 +613,9 @@ struct kvm_vcpu_arch {
__build_check_flag(v, flagset, f, m); \
\
fset = &v->arch.flagset; \
__vcpu_flags_preempt_disable(); \
*fset &= ~(m); \
__vcpu_flags_preempt_enable(); \
} while (0)

#define vcpu_get_flag(v, ...) __vcpu_get_flag((v), __VA_ARGS__)
Expand Down
2 changes: 2 additions & 0 deletions arch/arm64/kvm/hypercalls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -397,6 +397,8 @@ int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
u64 val;
int wa_level;

if (KVM_REG_SIZE(reg->id) != sizeof(val))
return -ENOENT;
if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id)))
return -EFAULT;

Expand Down

0 comments on commit 265b97c

Please sign in to comment.