Extend vgic_v3_check_base() to verify that the redistributor regions don't go above the VM-specified IPA size (phys_size). This can happen when using the legacy KVM_VGIC_V3_ADDR_TYPE_REDIST attribute with: base + size > phys_size AND base < phys_size vgic_v3_check_base() is used to check the redist regions bases when setting them (with the vcpus added so far) and when attempting the first vcpu-run. Signed-off-by: Ricardo Koller <ricarkol@xxxxxxxxxx> --- arch/arm64/kvm/vgic/vgic-v3.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/kvm/vgic/vgic-v3.c b/arch/arm64/kvm/vgic/vgic-v3.c index 66004f61cd83..5afd9f6f68f6 100644 --- a/arch/arm64/kvm/vgic/vgic-v3.c +++ b/arch/arm64/kvm/vgic/vgic-v3.c @@ -512,6 +512,10 @@ bool vgic_v3_check_base(struct kvm *kvm) if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) < rdreg->base) return false; + + if (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) > + kvm_phys_size(kvm)) + return false; } if (IS_VGIC_ADDR_UNDEF(d->vgic_dist_base)) -- 2.33.0.153.gba50c8fa24-goog
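Review bot: the new `> kvm_phys_size(kvm)` comparison in the hunk is only safe because the wraparound check immediately above it has already rejected `base + size < base`; since the two conditions are now coupled, consider hoisting `rdreg->base + vgic_v3_rd_region_size(kvm, rdreg)` into a local (e.g. `end`) and checking `end < rdreg->base || end > kvm_phys_size(kvm)` in one place, so the ordering dependency is explicit and the sum is not computed twice. Using `>` rather than `>=` looks right, since the region end is exclusive and a redistributor region may end exactly at the IPA limit. The commit message describes the failing case as `base + size > phys_size AND base < phys_size`; it would help to state whether `base >= phys_size` is already rejected when the address is set, as the new check also covers it and a reader cannot tell from this hunk which path is expected to catch it. A selftest that sets `KVM_VGIC_V3_ADDR_TYPE_REDIST` with a base just below `phys_size` and expects the first vcpu-run to fail would pin the behaviour down.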