| Message ID | 20210805212616.2641017-3-farosas@linux.ibm.com |
|---|---|
| State | New |
| Headers | show |
| Series | KVM: PPC: Book3S HV: kvmhv_copy_tofrom_guest_radix changes | expand |
Excerpts from Fabiano Rosas's message of August 6, 2021 7:26 am: > Both paths into __kvmhv_copy_tofrom_guest_radix ensure that we arrive > with an effective address that is smaller than our total addressable > space and addresses quadrant 0. > > - The H_COPY_TOFROM_GUEST hypercall path rejects the call with > H_PARAMETER if the effective address has any of the twelve most > significant bits set. > > - The kvmhv_copy_tofrom_guest_radix path clears the top twelve bits > before calling the internal function. > > Although the callers make sure that the effective address is sane, any > future use of the function is exposed to a programming error, so add a > sanity check. We possibly should put these into #defines in radix pgtable headers somewhere but KVM already open codes them so this is good for now. Reviewed-by: Nicholas Piggin <npiggin@gmail.com> > > Suggested-by: Nicholas Piggin <npiggin@gmail.com> > Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> > --- > arch/powerpc/kvm/book3s_64_mmu_radix.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c > index 44eb7b1ef289..1b1c9e9e539b 100644 > --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c > +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c > @@ -44,6 +44,9 @@ unsigned long __kvmhv_copy_tofrom_guest_radix(int lpid, int pid, > (to != NULL) ? __pa(to): 0, > (from != NULL) ? __pa(from): 0, n); > > + if (eaddr & (0xFFFUL << 52)) > + return ret; > + > quadrant = 1; > if (!pid) > quadrant = 2; > -- > 2.29.2 > >
diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c index 44eb7b1ef289..1b1c9e9e539b 100644 --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c @@ -44,6 +44,9 @@ unsigned long __kvmhv_copy_tofrom_guest_radix(int lpid, int pid, (to != NULL) ? __pa(to): 0, (from != NULL) ? __pa(from): 0, n); + if (eaddr & (0xFFFUL << 52)) + return ret; + quadrant = 1; if (!pid) quadrant = 2;
Both paths into __kvmhv_copy_tofrom_guest_radix ensure that we arrive with an effective address that is smaller than our total addressable space and addresses quadrant 0. - The H_COPY_TOFROM_GUEST hypercall path rejects the call with H_PARAMETER if the effective address has any of the twelve most significant bits set. - The kvmhv_copy_tofrom_guest_radix path clears the top twelve bits before calling the internal function. Although the callers make sure that the effective address is sane, any future use of the function is exposed to a programming error, so add a sanity check. Suggested-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com> --- arch/powerpc/kvm/book3s_64_mmu_radix.c | 3 +++ 1 file changed, 3 insertions(+)