On 27/06/2024 16:03, Pei Li wrote:
Check for invalid hva address stored in data and return -EINVAL before calling into __kvm_gpc_activate(). Reported-by: syzbot+fd555292a1da3180fc82@xxxxxxxxxxxxxxxxxxxxxxxxx Closes: https://syzkaller.appspot.com/bug?extid=fd555292a1da3180fc82 Tested-by: syzbot+fd555292a1da3180fc82@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Pei Li <peili.dev@xxxxxxxxx> --- Syzbot reports a warning message in __kvm_gpc_refresh(). This warning requires at least one of gpa and uhva to be valid. WARNING: CPU: 0 PID: 5090 at arch/x86/kvm/../../../virt/kvm/pfncache.c:259 __kvm_gpc_refresh+0xf17/0x1090 arch/x86/kvm/../../../virt/kvm/pfncache.c:259 We are calling it from kvm_gpc_activate_hva(). This function always calls __kvm_gpc_activate() with INVALID_GPA. Thus, uhva must be valid to disable this warning. This patch checks for invalid hva address and return -EINVAL before calling __kvm_gpc_activate(). syzbot has tested the proposed patch and the reproducer did not trigger any issue. Tested on: commit: afcd4813 Merge tag 'mm-hotfixes-stable-2024-06-26-17-2.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1427e301980000 kernel config: https://syzkaller.appspot.com/x/.config?x=e40800950091403a dashboard link: https://syzkaller.appspot.com/bug?extid=fd555292a1da3180fc82 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=13838f3e980000 Note: testing is done by a robot and is best-effort only. --- Changes in v2: - Adapted Sean's suggestion to check for valid address before calling into __kvm_gpc_activate(). - Link to v1: https://lore.kernel.org/r/20240625-bug5-v1-1-e072ed5fce85@xxxxxxxxx --- arch/x86/kvm/xen.c | 2 +- virt/kvm/pfncache.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-)
Reviewed-by: Paul Durrant <paul@xxxxxxx>
