On Fri, Sep 03, 2021, tcs.kernel@xxxxxxxxx wrote:
> From: Haimin Zhang <tcs_kernel@xxxxxxxxxxx>
>
> Check the return of init_srcu_struct(), which can fail due to OOM, when
> initializing the page track mechanism. Lack of checking leads to a NULL
> pointer deref found by a modified syzkaller.
>
> Signed-off-by: Haimin Zhang <tcs_kernel@xxxxxxxxxxx>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>

Neither I nor Vitaly provided an SOB, nor is one needed. Review feedback can be
attributed/noted in the part that git ignores (below the three dashes).

> Reported-by: TCS Robot <tcs_robot@xxxxxxxxxxx>
>
> ---

Notes about version changes, e.g. to document/attribute review feedback, go here.

v2:
 - Blah blah blah [Vitaly, Sean]

> arch/x86/include/asm/kvm_page_track.h | 2 +-
> arch/x86/kvm/mmu/page_track.c | 4 ++--
> arch/x86/kvm/x86.c | 6 +++++-
> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> ...
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 86539c1..9a122af 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -11143,6 +11143,8 @@ void kvm_arch_free_vm(struct kvm *kvm)
>
> int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
> {
> + int ret;
> +
> if (type)
> return -EINVAL;
>
> @@ -11178,7 +11180,9 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
>
> kvm_apicv_init(kvm);
> kvm_hv_init_vm(kvm);
> - kvm_page_track_init(kvm);
> + ret = kvm_page_track_init(kvm);
> + if (ret)
> + return ret;

Before moving forward with a fix, I'd like to get Paolo's input on dropping
track_srcu in favor of kvm->srcu and avoiding this altogether. Note, Paolo is
on vacation at the moment, so this won't get attention for a week or more.

[*] https://lkml.kernel.org/r/YS5Bn6I6wVEL8wKS@xxxxxxxxxx

> kvm_mmu_init_vm(kvm);
> kvm_xen_init_vm(kvm);
>
> --
> 1.8.3.1
>
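Review bot: the new early return after `ret = kvm_page_track_init(kvm);` in the second x86.c hunk bails out of kvm_arch_init_vm() only after kvm_apicv_init(kvm) and kvm_hv_init_vm(kvm) have already run, so the commit message should state whether the caller's failure path is safe to run against a VM whose page-track SRCU was never initialised and whether anything kvm_hv_init_vm() set up needs unwinding at this point; the existing `return -EINVAL` in the first hunk sits before any of those init calls and so is not a precedent for returning here. The diffstat also lists arch/x86/include/asm/kvm_page_track.h (2 +-) and arch/x86/kvm/mmu/page_track.c (4 ++--), which must carry the void-to-int change of kvm_page_track_init() and the init_srcu_struct() check itself, but those hunks are elided in the quoted reply, so this call site cannot be checked against the new prototype from what is shown.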