All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alexander Graf <graf@amazon.com>
To: Dan Carpenter <dan.carpenter@oracle.com>, <kbuild@lists.01.org>,
	"Aaron Lewis" <aaronlewis@google.com>, <jmattson@google.com>
Cc: <lkp@intel.com>, <kbuild-all@lists.01.org>, <pshier@google.com>,
	<oupton@google.com>, <kvm@vger.kernel.org>,
	KarimAllah Ahmed <karahmed@amazon.de>
Subject: Re: [PATCH v3 02/12] KVM: x86: Introduce allow list for MSR emulation
Date: Tue, 1 Sep 2020 21:13:10 +0200	[thread overview]
Message-ID: <79dd5f72-a332-a657-674d-f3a9c94146f1@amazon.com> (raw)
In-Reply-To: <20200831103933.GF8299@kadam>



On 31.08.20 12:39, Dan Carpenter wrote:
> 
> Hi Aaron,
> 
> url:    https://github.com/0day-ci/linux/commits/Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903
> base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git linux-next
> config: x86_64-randconfig-m001-20200827 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

Thanks a bunch for looking at this! I'd squash in the change with the 
actual patch as it's tiny, so I'm not sure how attribution would work in 
that case.

> 
> smatch warnings:
> arch/x86/kvm/x86.c:5248 kvm_vm_ioctl_add_msr_allowlist() error: 'bitmap' dereferencing possible ERR_PTR()
> 
> # https://github.com/0day-ci/linux/commit/107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a
> git remote add linux-review https://github.com/0day-ci/linux
> git fetch --no-tags linux-review Aaron-Lewis/Allow-userspace-to-manage-MSRs/20200819-051903
> git checkout 107c87325cf461b7b1bd07bb6ddbaf808a8d8a2a
> vim +/bitmap +5248 arch/x86/kvm/x86.c
> 
> 107c87325cf461 Aaron Lewis 2020-08-18  5181  static int kvm_vm_ioctl_add_msr_allowlist(struct kvm *kvm, void __user *argp)
> 107c87325cf461 Aaron Lewis 2020-08-18  5182  {
> 107c87325cf461 Aaron Lewis 2020-08-18  5183     struct msr_bitmap_range *ranges = kvm->arch.msr_allowlist_ranges;
> 107c87325cf461 Aaron Lewis 2020-08-18  5184     struct kvm_msr_allowlist __user *user_msr_allowlist = argp;
> 107c87325cf461 Aaron Lewis 2020-08-18  5185     struct msr_bitmap_range range;
> 107c87325cf461 Aaron Lewis 2020-08-18  5186     struct kvm_msr_allowlist kernel_msr_allowlist;
> 107c87325cf461 Aaron Lewis 2020-08-18  5187     unsigned long *bitmap = NULL;
> 107c87325cf461 Aaron Lewis 2020-08-18  5188     size_t bitmap_size;
> 107c87325cf461 Aaron Lewis 2020-08-18  5189     int r = 0;
> 107c87325cf461 Aaron Lewis 2020-08-18  5190
> 107c87325cf461 Aaron Lewis 2020-08-18  5191     if (copy_from_user(&kernel_msr_allowlist, user_msr_allowlist,
> 107c87325cf461 Aaron Lewis 2020-08-18  5192                        sizeof(kernel_msr_allowlist))) {
> 107c87325cf461 Aaron Lewis 2020-08-18  5193             r = -EFAULT;
> 107c87325cf461 Aaron Lewis 2020-08-18  5194             goto out;
> 107c87325cf461 Aaron Lewis 2020-08-18  5195     }
> 107c87325cf461 Aaron Lewis 2020-08-18  5196
> 107c87325cf461 Aaron Lewis 2020-08-18  5197     bitmap_size = BITS_TO_LONGS(kernel_msr_allowlist.nmsrs) * sizeof(long);
>                                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^n
> On 32 bit systems the BITS_TO_LONGS() can integer overflow if
> kernel_msr_allowlist.nmsrs is larger than ULONG_MAX - bits_per_long.  In
> that case bitmap_size is zero.

Nice catch! It should be enough to ...

> 
> 107c87325cf461 Aaron Lewis 2020-08-18  5198     if (bitmap_size > KVM_MSR_ALLOWLIST_MAX_LEN) {

... add a check for !bitmap_size here as well then, right?

> 107c87325cf461 Aaron Lewis 2020-08-18  5199             r = -EINVAL;
> 107c87325cf461 Aaron Lewis 2020-08-18  5200             goto out;
> 107c87325cf461 Aaron Lewis 2020-08-18  5201     }
> 107c87325cf461 Aaron Lewis 2020-08-18  5202
> 107c87325cf461 Aaron Lewis 2020-08-18  5203     bitmap = memdup_user(user_msr_allowlist->bitmap, bitmap_size);
> 107c87325cf461 Aaron Lewis 2020-08-18  5204     if (IS_ERR(bitmap)) {
> 107c87325cf461 Aaron Lewis 2020-08-18  5205             r = PTR_ERR(bitmap);
> 107c87325cf461 Aaron Lewis 2020-08-18  5206             goto out;
>                                                          ^^^^^^^^
> "out" is always a vague label name.  It's better style to return
> directly instead of doing a complicated no-op.
> 
>          if (IS_ERR(bitmap))
>                  return PTR_ERR(bitmap);

I agree 100% :). In fact, I agree so much that I already did change it 
for v6 last week, just did not send it out yet.

> 
> 107c87325cf461 Aaron Lewis 2020-08-18  5207     }
> 107c87325cf461 Aaron Lewis 2020-08-18  5208
> 107c87325cf461 Aaron Lewis 2020-08-18  5209     range = (struct msr_bitmap_range) {
> 107c87325cf461 Aaron Lewis 2020-08-18  5210             .flags = kernel_msr_allowlist.flags,
> 107c87325cf461 Aaron Lewis 2020-08-18  5211             .base = kernel_msr_allowlist.base,
> 107c87325cf461 Aaron Lewis 2020-08-18  5212             .nmsrs = kernel_msr_allowlist.nmsrs,
> 107c87325cf461 Aaron Lewis 2020-08-18  5213             .bitmap = bitmap,
> 
> In case of overflow then "bitmap" is 0x16 and .nmsrs is a very high
> number.

The overflow case should disappear with the additional check above, right?


Alex



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879




  reply	other threads:[~2020-09-01 19:13 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-18 21:15 [PATCH v3 00/12] Allow userspace to manage MSRs Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 01/12] KVM: x86: Deflect unknown MSR accesses to user space Aaron Lewis
2020-08-19  8:42   ` Alexander Graf
2020-08-18 21:15 ` [PATCH v3 02/12] KVM: x86: Introduce allow list for MSR emulation Aaron Lewis
2020-08-19  8:53   ` Alexander Graf
2020-08-31 10:39   ` Dan Carpenter
2020-08-31 10:39     ` Dan Carpenter
2020-08-31 10:39     ` Dan Carpenter
2020-09-01 19:13     ` Alexander Graf [this message]
2020-09-02  7:31       ` Dan Carpenter
2020-09-02  7:31         ` Dan Carpenter
2020-09-02  7:31         ` Dan Carpenter
2020-08-18 21:15 ` [PATCH v3 03/12] KVM: selftests: Add test for user space MSR handling Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 04/12] KVM: x86: Add ioctl for accepting a userspace provided MSR list Aaron Lewis
2020-08-19  9:00   ` Alexander Graf
2020-08-20 17:30     ` Jim Mattson
2020-08-20 21:49       ` Alexander Graf
2020-08-20 22:28         ` Jim Mattson
2020-08-18 21:15 ` [PATCH v3 05/12] KVM: x86: Add support for exiting to userspace on rdmsr or wrmsr Aaron Lewis
2020-08-19 10:25   ` Alexander Graf
2020-08-20 18:17   ` Jim Mattson
2020-08-20 21:59     ` Alexander Graf
2020-08-20 22:55       ` Jim Mattson
2020-08-21 17:58         ` Jim Mattson
2020-08-24  1:35           ` Alexander Graf
2020-08-24 17:23             ` Jim Mattson
2020-08-24 18:09               ` Alexander Graf
2020-08-24 18:34                 ` Jim Mattson
2020-08-18 21:15 ` [PATCH v3 06/12] KVM: x86: Prepare MSR bitmaps for userspace tracked MSRs Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 07/12] KVM: x86: Ensure the MSR bitmap never clears " Aaron Lewis
2020-08-19  1:12   ` kernel test robot
2020-08-19  1:12     ` kernel test robot
2020-08-19  1:12   ` [RFC PATCH] KVM: x86: vmx_set_user_msr_intercept() can be static kernel test robot
2020-08-19  1:12     ` kernel test robot
2020-08-19 15:26   ` [PATCH v3 07/12] KVM: x86: Ensure the MSR bitmap never clears userspace tracked MSRs Alexander Graf
2020-08-20  0:18     ` Aaron Lewis
2020-08-20 22:04       ` Alexander Graf
2020-08-20 22:35         ` Jim Mattson
2020-08-21 14:27           ` Aaron Lewis
2020-08-21 16:07             ` Alexander Graf
2020-08-21 16:43               ` Aaron Lewis
2020-08-26 15:48   ` kernel test robot
2020-08-26 15:48     ` kernel test robot
2020-08-18 21:15 ` [PATCH v3 08/12] selftests: kvm: Fix the segment descriptor layout to match the actual layout Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 09/12] selftests: kvm: Clear uc so UCALL_NONE is being properly reported Aaron Lewis
2020-08-19  9:13   ` Andrew Jones
2020-08-18 21:15 ` [PATCH v3 10/12] selftests: kvm: Add exception handling to selftests Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 11/12] selftests: kvm: Add a test to exercise the userspace MSR list Aaron Lewis
2020-08-18 21:15 ` [PATCH v3 12/12] selftests: kvm: Add emulated rdmsr, wrmsr tests Aaron Lewis
2020-08-27 14:06 [PATCH v3 02/12] KVM: x86: Introduce allow list for MSR emulation kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=79dd5f72-a332-a657-674d-f3a9c94146f1@amazon.com \
    --to=graf@amazon.com \
    --cc=aaronlewis@google.com \
    --cc=dan.carpenter@oracle.com \
    --cc=jmattson@google.com \
    --cc=karahmed@amazon.de \
    --cc=kbuild-all@lists.01.org \
    --cc=kbuild@lists.01.org \
    --cc=kvm@vger.kernel.org \
    --cc=lkp@intel.com \
    --cc=oupton@google.com \
    --cc=pshier@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.