On Wed, Apr 28, 2021, Valeriy Vdovin wrote:
> It's very explicit by the code that it was designed to receive some
> small number of entries to return E2BIG along with the corrected number.

LOL, saying KVM_GET_CPUID2 was "designed" is definitely giving the KVM forefathers the benefit of the doubt.

> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index efc7a82ab140..3f941b1f4e78 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -4773,14 +4773,17 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
> r = -EFAULT;
> if (copy_from_user(&cpuid, cpuid_arg, sizeof(cpuid)))
> goto out;
> +
> r = kvm_vcpu_ioctl_get_cpuid2(vcpu, &cpuid,
> cpuid_arg->entries);
> - if (r)
> +
> + if (r && r != -E2BIG)
> goto out;
> - r = -EFAULT;
> - if (copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid)))
> +
> + if (copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid))) {
> + r = -EFAULT;
> goto out;

As I pointed out[*], copying the number of entries but not the entries themselves is wrong. All of my feedback on v1 still stands.

[*] https://lkml.kernel.org/r/YIl4M/GgaYvwNuXv@xxxxxxxxxx

> - r = 0;
> + }
> break;
> }
> case KVM_GET_MSRS: {
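Review bot: with `if (r && r != -E2BIG)` the -E2BIG path now falls through to `copy_to_user(cpuid_arg, &cpuid, sizeof(cpuid))`, so the user's header (including nent) is overwritten while nothing in this hunk writes the entries at `cpuid_arg->entries`, and because `r = 0;` is dropped the ioctl still returns -E2BIG; the reply above already flags that handing back a corrected count without the entries is wrong. If the intent is "return the required count", the hunk should say so explicitly and the change to a user-visible ioctl contract needs a matching update to the KVM API documentation, which this patch does not include. Two smaller points: the success path now relies on kvm_vcpu_ioctl_get_cpuid2() returning exactly 0 rather than a positive count (worth a comment, since `r` is returned as-is), and the blank lines added after `goto out;` and before the new `if` blocks are churn that makes the hunk harder to read without changing behaviour.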