On Tue, 07 Feb 2023 09:13:54 -0800, Peter Gonda wrote:
> KVM_SEV_SEND_UPDATE_DATA and KVM_SEV_RECEIVE_UPDATE_DATA have an integer
> overflow issue. Params.guest_len and offset are both 32bite wide, with a
> large params.guest_len the check to confirm a page boundary is not
> crossed can falsely pass:
>
> /* Check if we are crossing the page boundary *
> offset = params.guest_uaddr & (PAGE_SIZE - 1);
> if ((params.guest_len + offset > PAGE_SIZE))
>
> [...]
Applied to kvm-x86 svm, thanks!
[1/1] KVM: sev: Fix potential overflow send|recieve_update_data
https://github.com/kvm-x86/linux/commit/f94f053aa3a5
--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes
