| author | Mathias Krause <[email protected]> | 2024-06-14 22:28:55 +0200 |
|---|---|---|
| committer | Sean Christopherson <[email protected]> | 2024-06-18 08:59:16 -0700 |
| commit | 8b8e57e5096e47ca842c100c25667195017014ae (patch) | |
| tree | e6afca8ecb2dcc66077d00a99a7c539c6efbca70 /tools/perf/scripts/python/export-to-postgresql.py | |
| parent | 5c1f50ab7fcb4e77a0b4ce102cfb890eef1ed8f1 (diff) | |
KVM: Reject overly excessive IDs in KVM_CREATE_VCPU
If, on a 64-bit system, a vCPU ID is provided that has the upper 32 bits
set to a non-zero value, it may get accepted if the integer value, truncated
to 32 bits, is below KVM_MAX_VCPU_IDS and 'max_vcpus'. This feels very
wrong and triggered the reporting logic of PaX's SIZE_OVERFLOW plugin.
Instead of silently truncating and accepting such values, pass the full
value to kvm_vm_ioctl_create_vcpu() and make the existing limit checks
return an error.
Even if this is a userland ABI breaking change, no sane userland could
have ever relied on that behaviour.
Reported-by: PaX's SIZE_OVERFLOW plugin running on grsecurity's syzkaller
Fixes: 6aa8b732ca01 ("[PATCH] kvm: userspace interface")
Cc: Emese Revfy <[email protected]>
Cc: PaX Team <[email protected]>
Signed-off-by: Mathias Krause <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
[sean: tweak comment about INT_MAX assertion]
Signed-off-by: Sean Christopherson <[email protected]>
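The bug class the commit describes, as an added illustration (this is not KVM's code, and the two limit constants are constructed placeholders standing in for KVM_MAX_VCPU_IDS and 'max_vcpus'): a callee declared with a 32-bit parameter silently narrows the 64-bit ioctl argument before the range checks run, so an ID with non-zero upper bits passes; widening the parameter to the full argument width makes the same checks reject it.

```c
/* Added illustration, not KVM's code: implicit narrowing at a call boundary
 * lets an out-of-range 64-bit vCPU ID pass a bounds check. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed placeholders, not KVM's real limits. */
#define MAX_VCPU_IDS_PLACEHOLDER 4096u   /* stands in for KVM_MAX_VCPU_IDS */
#define MAX_VCPUS_PLACEHOLDER    1024u   /* stands in for 'max_vcpus' */

/* Before: the parameter is 32 bits wide, so a 64-bit argument is truncated
 * on entry and only the low 32 bits ever reach the comparisons. */
static bool create_vcpu_before(uint32_t id)
{
    if (id >= MAX_VCPU_IDS_PLACEHOLDER)
        return false;
    if (id >= MAX_VCPUS_PLACEHOLDER)
        return false;
    return true;
}

/* After: the parameter carries the full value, so any set upper bit makes
 * the existing limit checks fail as intended. */
static bool create_vcpu_after(uint64_t id)
{
    if (id >= MAX_VCPU_IDS_PLACEHOLDER)
        return false;
    if (id >= MAX_VCPUS_PLACEHOLDER)
        return false;
    return true;
}

/* Models the ioctl path: on a 64-bit kernel the userspace argument is a
 * 64-bit unsigned long, represented here as uint64_t for portability. */
bool ioctl_create_vcpu_before(uint64_t arg) { return create_vcpu_before(arg); }
bool ioctl_create_vcpu_after(uint64_t arg)  { return create_vcpu_after(arg); }

int main(void)
{
    uint64_t bad_id = ((uint64_t)1 << 32) | 7;  /* upper bits set, low part 7 */
    printf("before: id 7 -> %d, bad id -> %d\n",
           ioctl_create_vcpu_before(7), ioctl_create_vcpu_before(bad_id));
    printf("after:  id 7 -> %d, bad id -> %d\n",
           ioctl_create_vcpu_after(7), ioctl_create_vcpu_after(bad_id));
    return 0;
}
```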