Mathias Krause 8b8e57e509 KVM: Reject overly excessive IDs in KVM_CREATE_VCPU ... If, on a 64 bit system, a vCPU ID is provided that has the upper 32 bits set to a non-zero value, it may get accepted if the truncated to 32 bits integer value is below KVM_MAX_VCPU_IDS and 'max_vcpus'. This feels very wrong and triggered the reporting logic of PaX's SIZE_OVERFLOW plugin. Instead of silently truncating and accepting such values, pass the full value to kvm_vm_ioctl_create_vcpu() and make the existing limit checks return an error. Even if this is a userland ABI breaking change, no sane userland could have ever relied on that behaviour. Reported-by: PaX's SIZE_OVERFLOW plugin running on grsecurity's syzkaller Fixes: 6aa8b732ca ("[PATCH] kvm: userspace interface") Cc: Emese Revfy <re.emese@gmail.com> Cc: PaX Team <pageexec@freemail.hu> Signed-off-by: Mathias Krause <minipli@grsecurity.net> Link: https://lore.kernel.org/r/20240614202859.3597745-2-minipli@grsecurity.net [sean: tweak comment about INT_MAX assertion] Signed-off-by: Sean Christopherson <seanjc@google.com>		2024-06-18 08:59:16 -07:00
..
kvm	KVM: Reject overly excessive IDs in KVM_CREATE_VCPU	2024-06-18 08:59:16 -07:00
lib	Revert "irqbypass: do not start cons/prod when failed connect"	2021-05-15 10:26:55 +01:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00