Patch "KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-ppc-book3s-suppress-warnings-when-allocating-too.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f14888b0834919586469a579441e67493b410127
Author: Alexey Kardashevskiy <aik@xxxxxxxxx>
Date:   Wed Sep 1 18:45:12 2021 +1000

    KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
    
    [ Upstream commit 511d25d6b789fffcb20a3eb71899cf974a31bd9d ]
    
    The userspace can trigger "vmalloc size %lu allocation failure: exceeds
    total pages" via the KVM_SET_USER_MEMORY_REGION ioctl.
    
    This silences the warning by checking the limit before calling vzalloc()
    and returns ENOMEM if failed.
    
    This does not call underlying valloc helpers as __vmalloc_node() is only
    exported when CONFIG_TEST_VMALLOC_MODULE and __vmalloc_node_range() is
    not exported at all.
    
    Spotted by syzkaller.
    
    Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
    [mpe: Use 'size' for the variable rather than 'cb']
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20210901084512.1658628-1-aik@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 7b74fc0a986b8..94da0d25eb125 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -4861,8 +4861,12 @@ static int kvmppc_core_prepare_memory_region_hv(struct kvm *kvm,
 	unsigned long npages = mem->memory_size >> PAGE_SHIFT;
 
 	if (change == KVM_MR_CREATE) {
-		slot->arch.rmap = vzalloc(array_size(npages,
-					  sizeof(*slot->arch.rmap)));
+		unsigned long size = array_size(npages, sizeof(*slot->arch.rmap));
+
+		if ((size >> PAGE_SHIFT) > totalram_pages())
+			return -ENOMEM;
+
+		slot->arch.rmap = vzalloc(size);
 		if (!slot->arch.rmap)
 			return -ENOMEM;
 	}
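
Review bot: The open-coded limit check at `if ((size >> PAGE_SHIFT) > totalram_pages())` has no comment, so a later reader sees what looks like a redundant early -ENOMEM just before vzalloc(), which already fails with the same error. A one-line comment above the check would help, saying that it exists only to avoid the "exceeds total pages" allocation warning, which userspace can trigger through the memory slot size, and that the vmalloc helpers which could suppress the warning are not exported. It is also worth noting in that comment that array_size() saturates to SIZE_MAX on overflow, so an overflowing npages value is rejected by this same comparison rather than reaching vzalloc().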


