aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/arch/arm64/kvm/hypercalls.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2023-04-21 19:19:02 -0400
committerPaolo Bonzini <pbonzini@redhat.com>2023-04-21 19:19:02 -0400
commit265b97cbc22e0f67f79a71443b60dc1237ca5ee6 (patch)
treefb42627096d8efe1e76a482a66cc13fac76e7ca4 /arch/arm64/kvm/hypercalls.c
parentMerge tag 'kvmarm-fixes-6.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (diff)
parentKVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (diff)
downloadwireguard-linux-265b97cbc22e0f67f79a71443b60dc1237ca5ee6.tar.xz
wireguard-linux-265b97cbc22e0f67f79a71443b60dc1237ca5ee6.zip
Merge tag 'kvmarm-fixes-6.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
KVM/arm64 fixes for 6.3, part #4 - Plug a buffer overflow due to the use of the user-provided register width for firmware regs. Outright reject accesses where the user register width does not match the kernel representation. - Protect non-atomic RMW operations on vCPU flags against preemption, as an update to the flags by an intervening preemption could be lost.
Diffstat (limited to '')
-rw-r--r--arch/arm64/kvm/hypercalls.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
index 5da884e11337..c4b4678bc4a4 100644
--- a/arch/arm64/kvm/hypercalls.c
+++ b/arch/arm64/kvm/hypercalls.c
@@ -397,6 +397,8 @@ int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
u64 val;
int wa_level;
+ if (KVM_REG_SIZE(reg->id) != sizeof(val))
+ return -ENOENT;
if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id)))
return -EFAULT;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.