Alexey Kardashevskiy <aik@xxxxxxxxx> writes:

> On 02/09/2021 00:59, Fabiano Rosas wrote:
>> Alexey Kardashevskiy <aik@xxxxxxxxx> writes:
>>
>>> The userspace can trigger "vmalloc size %lu allocation failure: exceeds
>>> total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
>>>
>>> This silences the warning by checking the limit before calling vzalloc()
>>> and returns ENOMEM if failed.
>>>
>>> This does not call underlying valloc helpers as __vmalloc_node() is only
>>> exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is not
>>> exported at all.
>>>
>>> Spotted by syzkaller.
>>>
>>> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
>>> ---
>>>  arch/powerpc/kvm/book3s_hv.c | 8 ++++++--
>>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
>>> index 474c0cfde384..a59f1cccbcf9 100644
>>> --- a/arch/powerpc/kvm/book3s_hv.c
>>> +++ b/arch/powerpc/kvm/book3s_hv.c
>>> @@ -4830,8 +4830,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
>>>  	unsigned long npages = mem->memory_size >> PAGE_SHIFT;
>>>
>>>  	if (change == KVM_MR_CREATE) {
>>> -		slot->arch.rmap = vzalloc(array_size(npages,
>>> -					     sizeof(*slot->arch.rmap)));
>>> +		unsigned long cb = array_size(npages, sizeof(*slot->arch.rmap));
>>
>> What does cb mean?
>
> "count of bytes"
>
> This is from my deep Windows past :)
>
> https://docs.microsoft.com/en-us/windows/win32/stg/coding-style-conventions

=D How interesting! And according to that link 'sz' means "Zero terminated
String". Imagine the confusion.. haha

>>
>>> +
>>> +		if ((cb >> PAGE_SHIFT) > totalram_pages())
>>> +			return -ENOMEM;
>>> +
>>> +		slot->arch.rmap = vzalloc(cb);
>>>  		if (!slot->arch.rmap)
>>>  			return -ENOMEM;
>>>  	}
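Review bot: the added `if ((cb >> PAGE_SHIFT) > totalram_pages()) return -ENOMEM;` re-implements, in arch code, the same limit test that mm applies right before printing the "vmalloc size %lu allocation failure: exceeds total pages" message, so if mm ever changes that threshold this copy silently diverges from it. The commit message rules out __vmalloc_node() and __vmalloc_node_range() as unexported, but __vmalloc() is exported and takes gfp flags, and that warning is issued through warn_alloc(), which honours __GFP_NOWARN; the same silencing can therefore be had without duplicating the check: `slot->arch.rmap = __vmalloc(cb, GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN);` followed by the existing `if (!slot->arch.rmap) return -ENOMEM;`. If the explicit pre-check is kept instead, please add a comment naming the warning it avoids, since comparing a byte count shifted by PAGE_SHIFT against totalram_pages() is not self-explanatory at this call site.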