On Thu, Apr 29, 2021, Dan Carpenter wrote:
> Hello David Rientjes,
>
> The patch b86bc2858b38: "KVM: SVM: prevent DBG_DECRYPT and
> DBG_ENCRYPT overflow" from Mar 25, 2019, leads to the following
> static checker warning:
>
>     arch/x86/kvm/svm/sev.c:960 sev_dbg_crypt()
>     error: uninitialized symbol 'ret'.
>
> arch/x86/kvm/svm/sev.c
> 879 static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
> 880 {
> 881         unsigned long vaddr, vaddr_end, next_vaddr;
>             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> 882         unsigned long dst_vaddr;
>             ^^^^^^^^^^^^^^^^^^^^^^^^
>
> These are unsigned long
>
> 883         struct page **src_p, **dst_p;
> 884         struct kvm_sev_dbg debug;
> 885         unsigned long n;
> 886         unsigned int size;
> 887         int ret;
> 888
> 889         if (!sev_guest(kvm))
> 890                 return -ENOTTY;
> 891
> 892         if (copy_from_user(&debug, (void __user *)(uintptr_t)argp->data, sizeof(debug)))
> 893                 return -EFAULT;
> 894
> 895         if (!debug.len || debug.src_uaddr + debug.len < debug.src_uaddr)
>                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> But these are u64 so this could still overflow on 32 bit.  Do we care?

Not really.  sev_guest() will always be false for CONFIG_KVM_AMD_SEV=n, and
CONFIG_KVM_AMD_SEV is dependent on CONFIG_X86_64=y.  This code is compiled for
32-bit only because everyone has been too lazy to stub out sev.c.
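
The width mismatch discussed in this thread, as an added example that is not part of either message and not kernel code: a wrap test done in u64 can accept a range whose end wraps once the values are narrowed to a 32-bit unsigned long. Assumptions: `uint32_t` stands in for a 32-bit `unsigned long`, the function names are hypothetical, and the sample address and length are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models unsigned long on a 32-bit build. */
typedef uint32_t ulong32;

/* The quoted line-895 test: true when the request would be accepted. */
static bool u64_check_accepts(uint64_t uaddr, uint64_t len)
{
    return !(!len || uaddr + len < uaddr);
}

/* End address after the u64 fields are narrowed to 32-bit locals
 * (hypothetical model of the narrowing, not the sev.c body). */
static ulong32 narrowed_end(uint64_t uaddr, uint64_t len)
{
    ulong32 vaddr = (ulong32)uaddr;
    return vaddr + (ulong32)len;   /* wraps modulo 2^32 */
}

/* Width-aware test: start and end must both fit in the local type. */
static bool fits_in_ulong32(uint64_t uaddr, uint64_t len)
{
    return len != 0 && uaddr <= UINT32_MAX && len <= UINT32_MAX - uaddr;
}

int main(void)
{
    /* Constructed sample: no wrap in 64 bits, wrap in 32 bits. */
    uint64_t uaddr = 0xFFFFF000ULL, len = 0x2000ULL;

    printf("u64 check accepts: %d\n", u64_check_accepts(uaddr, len));
    printf("narrowed end:      0x%08x (start 0x%08x)\n",
           (unsigned)narrowed_end(uaddr, len), (unsigned)uaddr);
    printf("width-aware check: %d\n", fits_in_ulong32(uaddr, len));
    return 0;
}
```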