From patchwork Sat Oct 18 11:57:00 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 5099871 Return-Path: X-Original-To: patchwork-kvm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id F0480C11AC for ; Sat, 18 Oct 2014 12:21:20 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 1C16020176 for ; Sat, 18 Oct 2014 12:21:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2E24E20172 for ; Sat, 18 Oct 2014 12:21:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751042AbaJRMVG (ORCPT ); Sat, 18 Oct 2014 08:21:06 -0400 Received: from inca-roads.misterjones.org ([213.251.177.50]:43494 "EHLO inca-roads.misterjones.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750976AbaJRMVE (ORCPT ); Sat, 18 Oct 2014 08:21:04 -0400 Received: from [90.219.10.17] (helo=zomby-woof.wild-wind.fr.eu.org) by cheepnis.misterjones.org with esmtpsa (TLSv1.2:AES128-SHA256:128) (Exim 4.80) (envelope-from ) id 1XfSdH-0005Fz-K0; Sat, 18 Oct 2014 13:57:15 +0200 From: Marc Zyngier To: Gleb Natapov , Paolo Bonzini Cc: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, Christoffer Dall Subject: [PATCH 10/12] arm/arm64: KVM: Ensure memslots are within KVM_PHYS_SIZE Date: Sat, 18 Oct 2014 12:57:00 +0100 Message-Id: <1413633422-14907-11-git-send-email-marc.zyngier@arm.com> X-Mailer: git-send-email 2.1.1 In-Reply-To: <1413633422-14907-1-git-send-email-marc.zyngier@arm.com> References: <1413633422-14907-1-git-send-email-marc.zyngier@arm.com> X-SA-Exim-Connect-IP: 90.219.10.17 X-SA-Exim-Rcpt-To: gleb@kernel.org, pbonzini@redhat.com, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, christoffer.dall@linaro.org X-SA-Exim-Mail-From: marc.zyngier@arm.com X-SA-Exim-Scanned: No (on cheepnis.misterjones.org); SAEximRunCond expanded to false Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Christoffer Dall When creating or moving a memslot, make sure the IPA space is within the addressable range of the guest. Otherwise, user space can create too large a memslot and KVM would try to access potentially unallocated page table entries when inserting entries in the Stage-2 page tables. Acked-by: Catalin Marinas Acked-by: Marc Zyngier Signed-off-by: Christoffer Dall --- arch/arm/kvm/mmu.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c index ee142ed..8c40829 100644 --- a/arch/arm/kvm/mmu.c +++ b/arch/arm/kvm/mmu.c @@ -1003,6 +1003,9 @@ int kvm_handle_guest_abort(struct kvm_vcpu *vcpu, struct kvm_run *run) goto out_unlock; } + /* Userspace should not be able to register out-of-bounds IPAs */ + VM_BUG_ON(fault_ipa >= KVM_PHYS_SIZE); + ret = user_mem_abort(vcpu, fault_ipa, memslot, hva, fault_status); if (ret == 0) ret = 1; @@ -1229,6 +1232,14 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, return 0; /* + * Prevent userspace from creating a memory region outside of the IPA + * space addressable by the KVM guest IPA space. + */ + if (memslot->base_gfn + memslot->npages >= + (KVM_PHYS_SIZE >> PAGE_SHIFT)) + return -EFAULT; + + /* * A memory region could potentially cover multiple VMAs, and any holes * between them, so iterate over all of them to find out if we can map * any of them right now.