Patch "KVM: x86: Protect the unused bits in MSR exiting flags" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    KVM: x86: Protect the unused bits in MSR exiting flags

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-protect-the-unused-bits-in-msr-exiting-flags.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d7e4dee6e86072b2f59d7e01f6ca0e5a0c7205de
Author: Aaron Lewis <aaronlewis@xxxxxxxxxx>
Date:   Thu Jul 14 16:13:15 2022 +0000

    KVM: x86: Protect the unused bits in MSR exiting flags
    
    [ Upstream commit cf5029d5dd7cb0aaa53250fa9e389abd231606b3 ]
    
    The flags for KVM_CAP_X86_USER_SPACE_MSR and KVM_X86_SET_MSR_FILTER
    have no protection for their unused bits.  Without protection, future
    development for these features will be difficult.  Add the protection
    needed to make it possible to extend these features in the future.
    
    Signed-off-by: Aaron Lewis <aaronlewis@xxxxxxxxxx>
    Message-Id: <20220714161314.1715227-1-aaronlewis@xxxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Stable-dep-of: 2e3272bc1790 ("KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cd22557e2645..59c9eb55e6d1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5770,6 +5770,11 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 		r = 0;
 		break;
 	case KVM_CAP_X86_USER_SPACE_MSR:
+		r = -EINVAL;
+		if (cap->args[0] & ~(KVM_MSR_EXIT_REASON_INVAL |
+				     KVM_MSR_EXIT_REASON_UNKNOWN |
+				     KVM_MSR_EXIT_REASON_FILTER))
+			break;
 		kvm->arch.user_space_msr_mask = cap->args[0];
 		r = 0;
 		break;
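Review bot: in the `KVM_CAP_X86_USER_SPACE_MSR` case the set of accepted bits is open-coded inside the `if` as an OR of three `KVM_MSR_EXIT_REASON_*` flags, so whoever adds a fourth flag later must also remember to extend this expression or the new flag will be rejected with -EINVAL. Consider defining one named valid-bits mask next to the flag definitions and testing `cap->args[0] & ~mask` here, so the flag list and the check cannot drift apart. The ordering is fine as written: `r = -EINVAL` is set and the `break` taken before `kvm->arch.user_space_msr_mask` is assigned, so a rejected call leaves the existing mask untouched.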
@@ -5903,6 +5908,9 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp)
 	if (copy_from_user(&filter, user_msr_filter, sizeof(filter)))
 		return -EFAULT;
 
+	if (filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY)
+		return -EINVAL;
+
 	for (i = 0; i < ARRAY_SIZE(filter.ranges); i++)
 		empty &= !filter.ranges[i].nmsrs;
 
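Review bot: the new `filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY` test changes what KVM_X86_SET_MSR_FILTER accepts, since a caller that passes any other bit in `flags` now gets -EINVAL, and the commit message only mentions future extensibility. Because this is queued for a stable series, it is worth stating the new error case in the changelog and in the ioctl's API documentation, which this diff (x86.c only) does not touch. Placement is right: the check sits after `copy_from_user()` and before the `filter.ranges` loop, so nothing has been modified when the error is returned.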


