On Wed, Nov 16, 2022 at 01:34:46PM +0800, "Wang, Lei" <lei4.wang@xxxxxxxxx> wrote:
> > @@ -431,50 +633,65 @@ int tdx_vm_init(struct kvm *kvm)
> > return ret;
> > }
> >
> > -int tdx_dev_ioctl(void __user *argp)
> > +static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd)
> > {
> > - struct kvm_tdx_capabilities __user *user_caps;
> > - struct kvm_tdx_capabilities caps;
> > - struct kvm_tdx_cmd cmd;
> > + struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
> > + struct kvm_tdx_init_vm *init_vm = NULL;
> > + struct td_params *td_params = NULL;
> > + void *entries_end;
> > + int ret;
> >
> > - BUILD_BUG_ON(sizeof(struct kvm_tdx_cpuid_config) !=
> > - sizeof(struct tdx_cpuid_config));
> > + BUILD_BUG_ON(sizeof(*init_vm) != 16 * 1024);
> > + BUILD_BUG_ON((sizeof(*init_vm) - offsetof(typeof(*init_vm), entries)) /
> > + sizeof(init_vm->entries[0]) < KVM_MAX_CPUID_ENTRIES);
> > + BUILD_BUG_ON(sizeof(struct td_params) != 1024);
> >
> > - if (copy_from_user(&cmd, argp, sizeof(cmd)))
> > - return -EFAULT;
> > - if (cmd.flags || cmd.error || cmd.unused)
> > + if (is_td_initialized(kvm))
> > return -EINVAL;
> > - /*
> > - * Currently only KVM_TDX_CAPABILITIES is defined for system-scoped
> > - * mem_enc_ioctl().
> > - */
> > - if (cmd.id != KVM_TDX_CAPABILITIES)
> > +
> > + if (cmd->flags)
> > return -EINVAL;
> >
> > - user_caps = (void __user *)cmd.data;
> > - if (copy_from_user(&caps, user_caps, sizeof(caps)))
> > - return -EFAULT;
> > + init_vm = kzalloc(sizeof(*init_vm), GFP_KERNEL);
> > + if (copy_from_user(init_vm, (void __user *)cmd->data, sizeof(*init_vm))) {
>
> Pointer 'init_vm' returned from call to function 'kzalloc' may be NULL and will
> be dereferenced at this line.
>
> Maybe a NULL-check here is needed?

Yes, thank you for catching it.

Thanks,
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>