| From b43a089c497e506ba3b8c957d51a4df87c8938dc Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Thu, 6 May 2021 10:58:25 -0700 |
| Subject: KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet header |
| fails |
| |
| From: Sean Christopherson <seanjc@google.com> |
| |
| [ Upstream commit b4a693924aab93f3747465b2261add46c82c3220 ] |
| |
| Return -EFAULT if copy_to_user() fails; if accessing user memory faults, |
| copy_to_user() returns the number of bytes remaining, not an error code. |
| |
| Reported-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Cc: Steve Rutherford <srutherford@google.com> |
| Cc: Brijesh Singh <brijesh.singh@amd.com> |
| Cc: Ashish Kalra <ashish.kalra@amd.com> |
| Fixes: d3d1af85e2c7 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command") |
| Signed-off-by: Sean Christopherson <seanjc@google.com> |
| Message-Id: <20210506175826.2166383-2-seanjc@google.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| arch/x86/kvm/svm/sev.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c |
| index 8d36f0c73071..3dc3e2897804 100644 |
| --- a/arch/x86/kvm/svm/sev.c |
| +++ b/arch/x86/kvm/svm/sev.c |
| @@ -1309,8 +1309,9 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) |
| } |
| |
| /* Copy packet header to userspace. */ |
| - ret = copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, |
| - params.hdr_len); |
| + if (copy_to_user((void __user *)(uintptr_t)params.hdr_uaddr, hdr, |
| + params.hdr_len)) |
| + ret = -EFAULT; |
| |
| e_free_trans_data: |
| kfree(trans_data); |
| -- |
| 2.30.2 |
| |
