[PATCH v2 8/8] KVM: x86: Bug the VM on an out-of-bounds data read

From: Sean Christopherson
Date: Thu May 26 2022 - 17:25:09 EST

Next message: Russ Weight: "Re: [PATCH v21 5/5] fpga: m10bmc-sec: add max10 secure update functions"
Previous message: Sean Christopherson: "[PATCH v2 6/8] KVM: x86: Bug the VM if the emulator accesses a non-existent GPR"
In reply to: Kees Cook: "Re: [PATCH v2 6/8] KVM: x86: Bug the VM if the emulator accesses a non-existent GPR"
Next in thread: Kees Cook: "Re: [PATCH v2 8/8] KVM: x86: Bug the VM on an out-of-bounds data read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bug the VM and terminate emulation if an out-of-bounds read into the
emulator's data cache occurs. Knowingly contuining on all but guarantees
that KVM will overwrite random kernel data, which is far, far worse than
killing the VM.

Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/emulate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 2aa17462a9ac..39ea9138224c 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1373,7 +1373,8 @@ static int read_emulated(struct x86_emulate_ctxt *ctxt,
if (mc->pos < mc->end)
goto read_cached;

- WARN_ON((mc->end + size) >= sizeof(mc->data));
+ if (KVM_EMULATOR_BUG_ON((mc->end + size) >= sizeof(mc->data), ctxt))
+ return X86EMUL_UNHANDLEABLE;

rc = ctxt->ops->read_emulated(ctxt, addr, mc->data + mc->end, size,
&ctxt->exception);
--
2.36.1.255.ge46751e96f-goog

Next message: Russ Weight: "Re: [PATCH v21 5/5] fpga: m10bmc-sec: add max10 secure update functions"
Previous message: Sean Christopherson: "[PATCH v2 6/8] KVM: x86: Bug the VM if the emulator accesses a non-existent GPR"
In reply to: Kees Cook: "Re: [PATCH v2 6/8] KVM: x86: Bug the VM if the emulator accesses a non-existent GPR"
Next in thread: Kees Cook: "Re: [PATCH v2 8/8] KVM: x86: Bug the VM on an out-of-bounds data read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]