CC: kbuild-all(a)lists.01.org In-Reply-To: <20200818211533.849501-3-aaronlewis@google.com> References: <20200818211533.849501-3-aaronlewis@google.com> TO: Aaron Lewis TO: jmattson(a)google.com TO: graf(a)amazon.com CC: pshier(a)google.com CC: oupton(a)google.com CC: kvm(a)vger.kernel.org CC: Aaron Lewis CC: KarimAllah Ahmed Hi Aaron, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on kvm/linux-next] [also build test WARNING on v5.9-rc2 next-20200827] [cannot apply to kvms390/next vhost/linux-next] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903 base: https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next :::::: branch date: 9 days ago :::::: commit date: 9 days ago config: x86_64-randconfig-m001-20200827 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot Reported-by: Dan Carpenter smatch warnings: arch/x86/kvm/x86.c:5248 kvm_vm_ioctl_add_msr_allowlist() error: 'bitmap' dereferencing possible ERR_PTR() # https://github.com/0day-ci/linux/commit/107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903 git checkout 107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a vim +/bitmap +5248 arch/x86/kvm/x86.c 107c87325cf461 Aaron Lewis 2020-08-18 5180 107c87325cf461 Aaron Lewis 2020-08-18 5181 static int kvm_vm_ioctl_add_msr_allowlist(struct kvm *kvm, void __user *argp) 107c87325cf461 Aaron Lewis 2020-08-18 5182 { 107c87325cf461 Aaron Lewis 2020-08-18 5183 struct msr_bitmap_range *ranges = kvm->arch.msr_allowlist_ranges; 107c87325cf461 Aaron Lewis 2020-08-18 5184 struct kvm_msr_allowlist __user *user_msr_allowlist = argp; 107c87325cf461 Aaron Lewis 2020-08-18 5185 struct msr_bitmap_range range; 107c87325cf461 Aaron Lewis 2020-08-18 5186 struct kvm_msr_allowlist kernel_msr_allowlist; 107c87325cf461 Aaron Lewis 2020-08-18 5187 unsigned long *bitmap = NULL; 107c87325cf461 Aaron Lewis 2020-08-18 5188 size_t bitmap_size; 107c87325cf461 Aaron Lewis 2020-08-18 5189 int r = 0; 107c87325cf461 Aaron Lewis 2020-08-18 5190 107c87325cf461 Aaron Lewis 2020-08-18 5191 if (copy_from_user(&kernel_msr_allowlist, user_msr_allowlist, 107c87325cf461 Aaron Lewis 2020-08-18 5192 sizeof(kernel_msr_allowlist))) { 107c87325cf461 Aaron Lewis 2020-08-18 5193 r = -EFAULT; 107c87325cf461 Aaron Lewis 2020-08-18 5194 goto out; 107c87325cf461 Aaron Lewis 2020-08-18 5195 } 107c87325cf461 Aaron Lewis 2020-08-18 5196 107c87325cf461 Aaron Lewis 2020-08-18 5197 bitmap_size = BITS_TO_LONGS(kernel_msr_allowlist.nmsrs) * sizeof(long); 107c87325cf461 Aaron Lewis 2020-08-18 5198 if (bitmap_size > KVM_MSR_ALLOWLIST_MAX_LEN) { 107c87325cf461 Aaron Lewis 2020-08-18 5199 r = -EINVAL; 107c87325cf461 Aaron Lewis 2020-08-18 5200 goto out; 107c87325cf461 Aaron Lewis 2020-08-18 5201 } 107c87325cf461 Aaron Lewis 2020-08-18 5202 107c87325cf461 Aaron Lewis 2020-08-18 5203 bitmap = memdup_user(user_msr_allowlist->bitmap, bitmap_size); 107c87325cf461 Aaron Lewis 2020-08-18 5204 if (IS_ERR(bitmap)) { 107c87325cf461 Aaron Lewis 2020-08-18 5205 r = PTR_ERR(bitmap); 107c87325cf461 Aaron Lewis 2020-08-18 5206 goto out; 107c87325cf461 Aaron Lewis 2020-08-18 5207 } 107c87325cf461 Aaron Lewis 2020-08-18 5208 107c87325cf461 Aaron Lewis 2020-08-18 5209 range = (struct msr_bitmap_range) { 107c87325cf461 Aaron Lewis 2020-08-18 5210 .flags = kernel_msr_allowlist.flags, 107c87325cf461 Aaron Lewis 2020-08-18 5211 .base = kernel_msr_allowlist.base, 107c87325cf461 Aaron Lewis 2020-08-18 5212 .nmsrs = kernel_msr_allowlist.nmsrs, 107c87325cf461 Aaron Lewis 2020-08-18 5213 .bitmap = bitmap, 107c87325cf461 Aaron Lewis 2020-08-18 5214 }; 107c87325cf461 Aaron Lewis 2020-08-18 5215 107c87325cf461 Aaron Lewis 2020-08-18 5216 if (range.flags & ~(KVM_MSR_ALLOW_READ | KVM_MSR_ALLOW_WRITE)) { 107c87325cf461 Aaron Lewis 2020-08-18 5217 r = -EINVAL; 107c87325cf461 Aaron Lewis 2020-08-18 5218 goto out; 107c87325cf461 Aaron Lewis 2020-08-18 5219 } 107c87325cf461 Aaron Lewis 2020-08-18 5220 107c87325cf461 Aaron Lewis 2020-08-18 5221 /* 107c87325cf461 Aaron Lewis 2020-08-18 5222 * Protect from concurrent calls to this function that could trigger 107c87325cf461 Aaron Lewis 2020-08-18 5223 * a TOCTOU violation on kvm->arch.msr_allowlist_ranges_count. 107c87325cf461 Aaron Lewis 2020-08-18 5224 */ 107c87325cf461 Aaron Lewis 2020-08-18 5225 mutex_lock(&kvm->lock); 107c87325cf461 Aaron Lewis 2020-08-18 5226 107c87325cf461 Aaron Lewis 2020-08-18 5227 if (kvm->arch.msr_allowlist_ranges_count >= 107c87325cf461 Aaron Lewis 2020-08-18 5228 ARRAY_SIZE(kvm->arch.msr_allowlist_ranges)) { 107c87325cf461 Aaron Lewis 2020-08-18 5229 r = -E2BIG; 107c87325cf461 Aaron Lewis 2020-08-18 5230 goto out_locked; 107c87325cf461 Aaron Lewis 2020-08-18 5231 } 107c87325cf461 Aaron Lewis 2020-08-18 5232 107c87325cf461 Aaron Lewis 2020-08-18 5233 if (msr_range_overlaps(kvm, &range)) { 107c87325cf461 Aaron Lewis 2020-08-18 5234 r = -EINVAL; 107c87325cf461 Aaron Lewis 2020-08-18 5235 goto out_locked; 107c87325cf461 Aaron Lewis 2020-08-18 5236 } 107c87325cf461 Aaron Lewis 2020-08-18 5237 107c87325cf461 Aaron Lewis 2020-08-18 5238 /* Everything ok, add this range identifier to our global pool */ 107c87325cf461 Aaron Lewis 2020-08-18 5239 ranges[kvm->arch.msr_allowlist_ranges_count] = range; 107c87325cf461 Aaron Lewis 2020-08-18 5240 /* Make sure we filled the array before we tell anyone to walk it */ 107c87325cf461 Aaron Lewis 2020-08-18 5241 smp_wmb(); 107c87325cf461 Aaron Lewis 2020-08-18 5242 kvm->arch.msr_allowlist_ranges_count++; 107c87325cf461 Aaron Lewis 2020-08-18 5243 107c87325cf461 Aaron Lewis 2020-08-18 5244 out_locked: 107c87325cf461 Aaron Lewis 2020-08-18 5245 mutex_unlock(&kvm->lock); 107c87325cf461 Aaron Lewis 2020-08-18 5246 out: 107c87325cf461 Aaron Lewis 2020-08-18 5247 if (r) 107c87325cf461 Aaron Lewis 2020-08-18 @5248 kfree(bitmap); 107c87325cf461 Aaron Lewis 2020-08-18 5249 107c87325cf461 Aaron Lewis 2020-08-18 5250 return r; 107c87325cf461 Aaron Lewis 2020-08-18 5251 } 107c87325cf461 Aaron Lewis 2020-08-18 5252 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org