Sean Christopherson <seanjc@xxxxxxxxxx> writes:

> Bug the VM and terminate emulation if an out-of-bounds read into the
> emulator's data cache occurs. Knowingly continuing on all but guarantees
> that KVM will overwrite random kernel data, which is far, far worse than
> killing the VM.
>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
> arch/x86/kvm/emulate.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index 2aa17462a9ac..39ea9138224c 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -1373,7 +1373,8 @@ static int read_emulated(struct x86_emulate_ctxt *ctxt,
> if (mc->pos < mc->end)
> goto read_cached;
>
> - WARN_ON((mc->end + size) >= sizeof(mc->data));
> + if (KVM_EMULATOR_BUG_ON((mc->end + size) >= sizeof(mc->data), ctxt))
> + return X86EMUL_UNHANDLEABLE;
>
> rc = ctxt->ops->read_emulated(ctxt, addr, mc->data + mc->end, size,
> &ctxt->exception);

The last WARN_ON() is gone, cool)

Reviewed-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>

-- 
Vitaly
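Review bot: the condition carried over from the old WARN_ON() in the read_emulated() hunk, `(mc->end + size) >= sizeof(mc->data)`, also trips on the exact-fit case where `mc->end + size == sizeof(mc->data)`, even though the subsequent read of `size` bytes at `mc->data + mc->end` would still land inside the array. Because the pre-existing check used the same comparison this is a conservative carry-over rather than a regression, and bugging the VM one byte early is the safe direction given the commit message's concern about overwriting kernel data, but it is worth either changing the comparison to `>` if the intent is to reject only genuine overflows, or adding a one-line comment above the `if` stating that the check is deliberately conservative so the next reader does not "fix" it in the opposite direction.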