On 02/11/2020 08:20, Dan Carpenter wrote:
On Fri, Oct 30, 2020 at 05:23:18PM +0200, Paraschiv, Andra-Irina wrote:
On 30/10/2020 13:30, Dan Carpenter wrote:
Hello Andra Paraschiv,
The patch ff8a4d3e3a99: "nitro_enclaves: Add logic for setting an
enclave vCPU" from Sep 21, 2020, leads to the following static
checker warning:
drivers/virt/nitro_enclaves/ne_misc_dev.c:471 ne_donated_cpu()
error: passing untrusted data 'cpu' to 'cpumask_test_cpu()'
drivers/virt/nitro_enclaves/ne_misc_dev.c
1093 switch (cmd) {
1094 case NE_ADD_VCPU: {
1095 int rc = -EINVAL;
1096 u32 vcpu_id = 0;
1097
1098 if (copy_from_user(&vcpu_id, (void __user *)arg, sizeof(vcpu_id)))
^^^^^^^^
1099 return -EFAULT;
1100
1101 mutex_lock(&ne_enclave->enclave_info_mutex);
1102
1103 if (ne_enclave->state != NE_STATE_INIT) {
1104 dev_err_ratelimited(ne_misc_dev.this_device,
1105 "Enclave is not in init state\n");
1106
1107 mutex_unlock(&ne_enclave->enclave_info_mutex);
1108
1109 return -NE_ERR_NOT_IN_INIT_STATE;
1110 }
1111
1112 if (vcpu_id >= (ne_enclave->nr_parent_vm_cores *
1113 ne_enclave->nr_threads_per_core)) {
To prevent a buffer overflow vcpu_id has to be less than "nr_cpu_ids".
Is "ne_enclave->nr_parent_vm_cores * ne_enclave->nr_threads_per_core"
<= nr_cpu_ids? If so then it's fine.
Hi Dan,
Thanks for reaching out with regard to this reported issue from the static
analysis.
"nr_cpu_ids" is used when the number of cores is initialized, so it should
be fine. Let me know if I miss something and a check has to be added to
directly compare to "nr_cpu_ids".
Yeah. That works. Thanks for taking a look at this.
Ok, thanks for the follow-up.
Andra
Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.
