iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f94f053aa3
linux/arch
History
Peter Gonda f94f053aa3 KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() 
KVM_SEV_SEND_UPDATE_DATA and KVM_SEV_RECEIVE_UPDATE_DATA have an integer
overflow issue. Params.guest_len and offset are both 32 bits wide, with a
large params.guest_len the check to confirm a page boundary is not
crossed can falsely pass:

    /* Check if we are crossing the page boundary *
    offset = params.guest_uaddr & (PAGE_SIZE - 1);
    if ((params.guest_len + offset > PAGE_SIZE))

Add an additional check to confirm that params.guest_len itself is not
greater than PAGE_SIZE.

Note, this isn't a security concern as overflow can happen if and only if
params.guest_len is greater than 0xfffff000, and the FW spec says these
commands fail with lengths greater than 16KB, i.e. the PSP will detect
KVM's goof.

Fixes: 15fb7de1a7 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
Fixes: d3d1af85e2 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command")
Reported-by: Andy Nguyen <theflow@google.com>
Suggested-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Peter Gonda <pgonda@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: kvm@vger.kernel.org
Cc: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20230207171354.4012821-1-pgonda@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
2023-02-07 14:36:45 -08:00
..
alpha MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
arc MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
arm ARM: renumber bits related to _TIF_WORK_MASK 2023-01-04 07:55:02 -07:00
arm64 Merge branch 'kvm-v6.2-rc4-fixes' into HEAD 2023-01-24 06:05:23 -05:00
csky arch/csky patches for 6.2-rc1 2022-12-19 07:51:30 -06:00
hexagon MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
ia64 - Add the call depth tracking mitigation for Retbleed which has 2022-12-14 15:03:00 -08:00
loongarch LoongArch changes for v6.2 2022-12-19 08:23:27 -06:00
m68k m68k: remove broken strcmp implementation 2022-12-21 08:56:43 -08:00
microblaze MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
mips Merge branch 'kvm-v6.2-rc4-fixes' into HEAD 2023-01-24 06:05:23 -05:00
nios2 MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
openrisc MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
parisc parisc architecture fixes for kernel v6.2-rc1: 2022-12-20 08:43:53 -06:00
powerpc KVM: PPC: Fix refactoring goof in kvmppc_e500mc_init() 2023-01-24 13:00:32 -05:00
riscv Merge branch 'kvm-v6.2-rc4-fixes' into HEAD 2023-01-24 06:05:23 -05:00
s390 KVM: Opt out of generic hardware enabling on s390 and PPC 2022-12-29 15:48:37 -05:00
sh treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
sparc MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
um New Feature: 2022-12-17 14:06:53 -06:00
x86 KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() 2023-02-07 14:36:45 -08:00
xtensa MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
.gitignore
Kconfig arm64 fixes for -rc1 2022-12-16 13:46:41 -06:00