
KVM: VMX: hyper-v: Prevent impossible NULL pointer dereference in evmcs_load()

Message ID 20240816130124.286226-1-vkuznets@redhat.com (mailing list archive)
State New, archived

Commit Message

Vitaly Kuznetsov Aug. 16, 2024, 1:01 p.m. UTC
GCC 12.3.0 complains about a potential NULL pointer dereference in
evmcs_load() as hv_get_vp_assist_page() can return NULL. In fact, this
cannot happen because KVM verifies (hv_init_evmcs()) that every CPU has a
valid VP assist page and aborts enabling the feature otherwise. The CPU
onlining path is also checked in vmx_hardware_enable().

To make the compiler happy and to future-proof the code, add a KVM_BUG_ON()
sentinel. It doesn't seem to be possible (and logical) to observe
evmcs_load() happening without an active vCPU so it is presumed that
kvm_get_running_vcpu() can't return NULL.

No functional change intended.

Reported-by: Mirsad Todorovac <mtodorovac69@gmail.com>
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 arch/x86/kvm/vmx/vmx_onhyperv.h | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Sean Christopherson Aug. 23, 2024, 11:48 p.m. UTC | #1
On Fri, 16 Aug 2024 15:01:24 +0200, Vitaly Kuznetsov wrote:
> GCC 12.3.0 complains about a potential NULL pointer dereference in
> evmcs_load() as hv_get_vp_assist_page() can return NULL. In fact, this
> cannot happen because KVM verifies (hv_init_evmcs()) that every CPU has a
> valid VP assist page and aborts enabling the feature otherwise. The CPU
> onlining path is also checked in vmx_hardware_enable().
> 
> To make the compiler happy and to future-proof the code, add a KVM_BUG_ON()
> sentinel. It doesn't seem to be possible (and logical) to observe
> evmcs_load() happening without an active vCPU so it is presumed that
> kvm_get_running_vcpu() can't return NULL.
> 
> [...]

Applied to kvm-x86 vmx, thanks!

[1/1] KVM: VMX: hyper-v: Prevent impossible NULL pointer dereference in evmcs_load()
      https://github.com/kvm-x86/linux/commit/2ab637df5f68

--
https://github.com/kvm-x86/linux/tree/next

Patch

diff --git a/arch/x86/kvm/vmx/vmx_onhyperv.h b/arch/x86/kvm/vmx/vmx_onhyperv.h
index eb48153bfd73..bba24ed99ee6 100644
--- a/arch/x86/kvm/vmx/vmx_onhyperv.h
+++ b/arch/x86/kvm/vmx/vmx_onhyperv.h
@@ -104,6 +104,14 @@  static inline void evmcs_load(u64 phys_addr)
 	struct hv_vp_assist_page *vp_ap =
 		hv_get_vp_assist_page(smp_processor_id());
 
+	/*
+	 * When enabling eVMCS, KVM verifies that every CPU has a valid hv_vp_assist_page()
+	 * and aborts enabling the feature otherwise. CPU onlining path is also checked in
+	 * vmx_hardware_enable().
+	 */
+	if (KVM_BUG_ON(!vp_ap, kvm_get_running_vcpu()->kvm))
+		return;
+
 	if (current_evmcs->hv_enlightenments_control.nested_flush_hypercall)
 		vp_ap->nested_control.features.directhypercall = 1;
 	vp_ap->current_nested_vmcs = phys_addr;
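Review bot: the guard `if (KVM_BUG_ON(!vp_ap, kvm_get_running_vcpu()->kvm))` replaces one potential NULL dereference with another: if kvm_get_running_vcpu() ever returns NULL (the commit message only presumes it cannot, it is not checked anywhere in this hunk), the `->kvm` load faults before the assertion has a chance to fire, so the "impossible" case the patch is hardening against would still oops rather than mark the VM as bugged. Storing the vCPU in a local and guarding both pointers, e.g. `struct kvm_vcpu *vcpu = kvm_get_running_vcpu();` followed by `if (KVM_BUG_ON(!vp_ap || !vcpu, vcpu ? vcpu->kvm : NULL))` (or a plain `WARN_ON_ONCE(!vcpu)` before the existing check), would make the sentinel hold under the same assumption it documents. Minor: the new comment refers to `hv_vp_assist_page()` as though it were a function; the type is `struct hv_vp_assist_page` and the accessor the surrounding code calls is `hv_get_vp_assist_page()`, so naming that instead avoids confusion. Worth stating in the comment as well that on the bugged path the early `return` skips the `current_nested_vmcs` update, which is acceptable only because KVM_BUG_ON() marks the VM as bugged and subsequent entries are refused.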