git.baikalelectronics.ru Git - kernel.git/commit

author	Sean Christopherson <seanjc@google.com>
	Thu, 26 May 2022 21:08:10 +0000 (21:08 +0000)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Fri, 10 Jun 2022 14:01:29 +0000 (10:01 -0400)
commit	dea0db4d2e8c66396a350f9de0aafa7dcb027847
tree	7d34c9d08eb4fd7ce25793adcdb208ec6e4efccb	tree \| snapshot
parent	aa55389fe55e4a6cd93d7b629fe246e47dcd3205	commit \| diff

KVM: x86: Grab regs_dirty in local 'unsigned long'

Capture ctxt->regs_dirty in a local 'unsigned long' instead of casting it
to an 'unsigned long *' for use in for_each_set_bit().  The bitops helpers
really do read the entire 'unsigned long', even though the walking of the
read value is capped at the specified size.  I.e. 64-bit KVM is reading
memory beyond ctxt->regs_dirty, which is a u32 and thus 4 bytes, whereas
an unsigned long is 8 bytes.  Functionally it's not an issue because
regs_dirty is in the middle of x86_emulate_ctxt, i.e. KVM is just reading
its own memory, but relying on that coincidence is gross and unsafe.

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220526210817.3428868-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>