From: David Woodhouse
Date: Tue, 2 Feb 2021 11:05:10 +0000 (+0000)
Subject: KVM: x86/xen: Fix __user pointer handling for hypercall page installation
X-Git-Tag: accepted/tizen/unified/20230118.172025~7642^2~129
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=92f4d400a407235783afd4399fa26c4c665024b5;p=platform%2Fkernel%2Flinux-rpi.git
KVM: x86/xen: Fix __user pointer handling for hypercall page installation
The address we give to memdup_user() isn't correctly tagged as __user. This is harmless enough as it's a one-off use and we're doing exactly the right thing, but fix it anyway to shut the checker up. Otherwise it'll whine when the (now legacy) code gets moved around in a later patch.
Signed-off-by: David Woodhouse
---
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e3d354d..34ca136 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2874,8 +2874,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
 {
 struct kvm *kvm = vcpu->kvm;
 int lm = is_long_mode(vcpu);
- u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
- : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
+ u64 blob_addr = lm ? kvm->arch.xen_hvm_config.blob_addr_64
+ : kvm->arch.xen_hvm_config.blob_addr_32;
 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
 : kvm->arch.xen_hvm_config.blob_size_32;
 u32 page_num = data & ~PAGE_MASK;
@@ -2885,7 +2885,9 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
 if (page_num >= blob_size)
 return 1;
- page = memdup_user(blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE);
+ blob_addr += page_num * PAGE_SIZE;
+
+ page = memdup_user((u8 __user *)blob_addr, PAGE_SIZE);
 if (IS_ERR(page))
 return PTR_ERR(page);
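Review bot: Declaring `blob_addr` as `u64` in the first hunk means the `(u8 __user *)blob_addr` cast in the second hunk converts a 64-bit integer straight to a pointer. On a 32-bit build that is a size-mismatched cast, which gcc reports as -Wint-to-pointer-cast and which discards the upper bits without any check. The kernel helper for this conversion is `u64_to_user_ptr()`, so the call could read `page = memdup_user(u64_to_user_ptr(blob_addr), PAGE_SIZE);`, or the address could be held in an `unsigned long` instead. If truncation is believed impossible on 32-bit, presumably because `lm` would never select the 64-bit field there, that reasoning belongs in a comment at the declaration. xen_hvm_config() continues past the end of both hunks.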
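Review bot: The new `blob_addr += page_num * PAGE_SIZE;` line has no comment saying why the offset is safe, and its only bound is the `page_num >= blob_size` check kept as context two lines above it. Since `page_num` comes from the low bits of the caller-supplied `data` and the commit message says this code will be moved in a later patch, a short comment would keep the two from being separated, for example `/* page_num < blob_size (a u8) was checked above; memdup_user() validates the resulting user address */`. The second half of that comment assumes memdup_user() is the only validation of the address, which seems to be the case in the visible lines but should be confirmed against the rest of the function.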