[PATCH 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

Kunkun Jiang jiangkunkun at huawei.com
Thu Jun 20 06:06:48 PDT 2024


In all the vgic_its_save_*() functions, it does not check
whether the data length is larger than 8 bytes before
calling vgic_write_guest_lock. This patch adds the check.

Link: https://lore.kernel.org/kvmarm/86v82ckimh.wl-maz@kernel.org/
Signed-off-by: Kunkun Jiang <jiangkunkun at huawei.com>
---
 arch/arm64/kvm/vgic/vgic-its.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c
index 40bb43f20bf3..060605fba3b6 100644
--- a/arch/arm64/kvm/vgic/vgic-its.c
+++ b/arch/arm64/kvm/vgic/vgic-its.c
@@ -2094,6 +2094,7 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev,
 	       ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) |
 		ite->collection->collection_id;
 	val = cpu_to_le64(val);
+	BUG_ON(ite_esz > sizeof(val));
 	return vgic_write_guest_lock(kvm, gpa, &val, ite_esz);
 }
 
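Review bot: BUG_ON() on the `ite_esz > sizeof(val)` line turns an oversized entry size into a host panic rather than a failed save; since vgic_write_guest_lock() already returns an error code to this function, a `WARN_ON_ONCE()` followed by `return -EINVAL` would keep the invariant visible without taking down the host. The same check is repeated in all three save functions of this series, so a single helper (or one check inside vgic_write_guest_lock() against the caller's buffer size) would avoid three copies that can drift apart.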
@@ -2246,6 +2247,7 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev,
 	       (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) |
 		(dev->num_eventid_bits - 1));
 	val = cpu_to_le64(val);
+	BUG_ON(dte_esz > sizeof(dte_esz));
 	return vgic_write_guest_lock(kvm, ptr, &val, dte_esz);
 }
 
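Review bot: the added check `BUG_ON(dte_esz > sizeof(dte_esz));` compares the entry size against the size of the `dte_esz` variable itself, not against the 8-byte `val` buffer that is passed to vgic_write_guest_lock() on the next line, so it does not implement the bound the commit message describes and differs from the other two hunks, which use `sizeof(val)`. It should read `BUG_ON(dte_esz > sizeof(val));` to match vgic_its_save_ite() and vgic_its_save_cte().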
@@ -2433,6 +2435,7 @@ static int vgic_its_save_cte(struct vgic_its *its,
 	       ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) |
 	       collection->collection_id);
 	val = cpu_to_le64(val);
+	BUG_ON(esz > sizeof(val));
 	return vgic_write_guest_lock(its->dev->kvm, gpa, &val, esz);
 }
 
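Review bot: the `BUG_ON(esz > sizeof(val));` line is the correct form of the bound (it matches the `&val` buffer handed to vgic_write_guest_lock() below it), but as with the first hunk a WARN_ON_ONCE() plus an error return would be the safer reaction in a save path; also consider a one-line comment stating that the ITS ABI entry sizes must fit the 8-byte `val` so a future ABI change trips this check deliberately rather than by surprise.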
-- 
2.33.0