KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow

author David Rientjes <rientjes@google.com>

Mon, 25 Mar 2019 18:47:31 +0000 (11:47 -0700)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 8 May 2019 05:21:50 +0000 (07:21 +0200)
author David Rientjes <rientjes@google.com>
Mon, 25 Mar 2019 18:47:31 +0000 (11:47 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 8 May 2019 05:21:50 +0000 (07:21 +0200)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c

index 813cb60..8dd9208 100644 (file)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -6789,7 +6789,8 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
         struct page **src_p, **dst_p;
         struct kvm_sev_dbg debug;
         unsigned long n;
-       int ret, size;
+       unsigned int size;
+       int ret;
  
         if (!sev_guest(kvm))
                 return -ENOTTY;
@@ -6797,6 +6798,11 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
         if (copy_from_user(&debug, (void __user *)(uintptr_t)argp->data, sizeof(debug)))
                 return -EFAULT;
  
+       if (!debug.len || debug.src_uaddr + debug.len < debug.src_uaddr)
+               return -EINVAL;
+       if (!debug.dst_uaddr)
+               return -EINVAL;
+
         vaddr = debug.src_uaddr;
         size = debug.len;
         vaddr_end = vaddr + size;
@@ -6847,8 +6853,8 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
                                                      dst_vaddr,
                                                      len, &argp->error);
  
-               sev_unpin_memory(kvm, src_p, 1);
-               sev_unpin_memory(kvm, dst_p, 1);
+               sev_unpin_memory(kvm, src_p, n);
+               sev_unpin_memory(kvm, dst_p, n);
  
                 if (ret)
                         goto err;
author	David Rientjes <rientjes@google.com>
	Mon, 25 Mar 2019 18:47:31 +0000 (11:47 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 8 May 2019 05:21:50 +0000 (07:21 +0200)