Alexey Kardashevskiy <aik@xxxxxxxxx> writes:
> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>
> This silences the warning by checking the limit before calling vzalloc()
> and returns ENOMEM if failed.
>
> This does not call underlying valloc helpers as __vmalloc_node() is only
> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
> exported at all.
>
> Spotted by syzkaller.
>
> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
> ---
> arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
> index 474c0cfde384..a59f1cccbcf9 100644
> --- a/arch/powerpc/kvm/book3s_hv.c
> +++ b/arch/powerpc/kvm/book3s_hv.c
> @@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
> unsigned long npages = mem->memory_size >> PAGE_SHIFT;
>
> if (change == KVM_MR_CREATE) {
> - slot->arch.rmap = vzalloc(array_size(npages,
> - sizeof(*slot->arch.rmap)));
> + unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));

What does cb mean?

> +
> + if ((cb >> PAGE_SHIFT) > totalram_pages())
> + return -ENOMEM;
> +
> + slot->arch.rmap = vzalloc(cb);
> if (!slot->arch.rmap)
> return -ENOMEM;
> }
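Review bot: the new `totalram_pages()` pre-check in this hunk carries no comment saying why it exists, so a later reader will see a size check that vzalloc() already performs internally and treat it as redundant; add a one-line comment above `if ((cb >> PAGE_SHIFT) > totalram_pages())` stating that it reproduces vmalloc's "exceeds total pages" limit so that a userspace-chosen memory_size cannot trigger the kernel warning, and give the variable a descriptive name (e.g. `rmap_size`) in place of `cb`, since the name is the first thing the existing review already stumbled on.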