kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration
@ 2021-05-06 17:58 Sean Christopherson
  2021-05-06 17:58 ` [PATCH 1/2] KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header fails Sean Christopherson
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Sean Christopherson @ 2021-05-06 17:58 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Dan Carpenter, Steve Rutherford,
	Brijesh Singh, Ashish Kalra

Fixes for bugs reported by Dan Carpenter, found by static analysis.  All
credit goes to Dan, the bug report all but wrote the code for me.

Compile tested only, I don't have a SEV migration sussed out yet.

Sean Christopherson (2):
  KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header
    fails
  KVM: SVM: Fix sev_pin_memory() error checks in SEV migration utilities

 arch/x86/kvm/svm/sev.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

-- 
2.31.1.607.g51e8a6a459-goog


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header fails
  2021-05-06 17:58 [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Sean Christopherson
@ 2021-05-06 17:58 ` Sean Christopherson
  2021-05-06 17:58 ` [PATCH 2/2] KVM: SVM: Fix sev_pin_memory() error checks in SEV migration utilities Sean Christopherson
  2021-07-07 13:42 ` [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Dan Carpenter
  2 siblings, 0 replies; 5+ messages in thread
From: Sean Christopherson @ 2021-05-06 17:58 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Dan Carpenter, Steve Rutherford,
	Brijesh Singh, Ashish Kalra

Return -EFAULT if copy_to_user() fails; if accessing user memory faults,
copy_to_user() returns the number of bytes remaining, not an error code.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Steve Rutherford <srutherford@google.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Fixes: d3d1af85e2c7 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/sev.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index a9d8d6aafdb8..1f99c240db6d 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1303,8 +1303,9 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	}
 
 	/* Copy packet header to userspace. */
-	ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr,
-				params.hdr_len);
+	if (copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr,
+			 params.hdr_len))
+		ret = -EFAULT;
 
 e_free_trans_data:
 	kfree(trans_data);
-- 
2.31.1.607.g51e8a6a459-goog


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 2/2] KVM: SVM: Fix sev_pin_memory() error checks in SEV migration utilities
  2021-05-06 17:58 [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Sean Christopherson
  2021-05-06 17:58 ` [PATCH 1/2] KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header fails Sean Christopherson
@ 2021-05-06 17:58 ` Sean Christopherson
  2021-07-07 13:42 ` [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Dan Carpenter
  2 siblings, 0 replies; 5+ messages in thread
From: Sean Christopherson @ 2021-05-06 17:58 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Dan Carpenter, Steve Rutherford,
	Brijesh Singh, Ashish Kalra

Use IS_ERR() instead of checking for a NULL pointer when querying for
sev_pin_memory() failures.  sev_pin_memory() always returns an error code
cast to a pointer, or a valid pointer; it never returns NULL.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Steve Rutherford <srutherford@google.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Fixes: d3d1af85e2c7 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command")
Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/sev.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 1f99c240db6d..9b23b7ac60fa 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1265,8 +1265,8 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	/* Pin guest memory */
 	guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
 				    PAGE_SIZE, &n, 0);
-	if (!guest_page)
-		return -EFAULT;
+	if (IS_ERR(guest_page))
+		return PTR_ERR(guest_page);
 
 	/* allocate memory for header and transport buffer */
 	ret = -ENOMEM;
@@ -1457,11 +1457,12 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	data.trans_len = params.trans_len;
 
 	/* Pin guest memory */
-	ret = -EFAULT;
 	guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
 				    PAGE_SIZE, &n, 0);
-	if (!guest_page)
+	if (IS_ERR(guest_page)) {
+		ret = PTR_ERR(guest_page);
 		goto e_free_trans;
+	}
 
 	/* The RECEIVE_UPDATE_DATA command requires C-bit to be always set. */
 	data.guest_address = (page_to_pfn(guest_page[0]) << PAGE_SHIFT) + offset;
-- 
2.31.1.607.g51e8a6a459-goog


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration
  2021-05-06 17:58 [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Sean Christopherson
  2021-05-06 17:58 ` [PATCH 1/2] KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header fails Sean Christopherson
  2021-05-06 17:58 ` [PATCH 2/2] KVM: SVM: Fix sev_pin_memory() error checks in SEV migration utilities Sean Christopherson
@ 2021-07-07 13:42 ` Dan Carpenter
  2021-07-08 17:24   ` Paolo Bonzini
  2 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2021-07-07 13:42 UTC (permalink / raw)
  To: Sean Christopherson
  Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Steve Rutherford, Brijesh Singh,
	Ashish Kalra

These patches were never applied.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration
  2021-07-07 13:42 ` [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Dan Carpenter
@ 2021-07-08 17:24   ` Paolo Bonzini
  0 siblings, 0 replies; 5+ messages in thread
From: Paolo Bonzini @ 2021-07-08 17:24 UTC (permalink / raw)
  To: Dan Carpenter, Sean Christopherson
  Cc: Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm,
	linux-kernel, Steve Rutherford, Brijesh Singh, Ashish Kalra

On 07/07/21 15:42, Dan Carpenter wrote:
> These patches were never applied.
> 
> regards,
> dan carpenter
> 

Queued now, thanks for the reminder!

Paolo


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-07-08 17:24 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-06 17:58 [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Sean Christopherson
2021-05-06 17:58 ` [PATCH 1/2] KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header fails Sean Christopherson
2021-05-06 17:58 ` [PATCH 2/2] KVM: SVM: Fix sev_pin_memory() error checks in SEV migration utilities Sean Christopherson
2021-07-07 13:42 ` [PATCH 0/2] KVM: SVM: Fix error handling bugs in SEV migration Dan Carpenter
2021-07-08 17:24   ` Paolo Bonzini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).