Re: [PATCH] KVM: nVMX: Check MSR load/store list counts during VM-Enter consistency checks

From: Sean Christopherson
Date: Fri Apr 25 2025 - 19:24:50 EST

Next message: Sean Christopherson: "Re: [PATCH 1/2] KVM: x86: Use asm_inline() instead of asm() in kvm_hypercall[0-4]()"
Previous message: Sean Christopherson: "Re: [PATCH v2] KVM: SVM: Fix SNP AP destroy race with VMRUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 14 Mar 2025 19:44:02 -0700, Sean Christopherson wrote:
> Explicitly verify the MSR load/store list counts are below the advertised
> limit as part of the initial consistency checks on the lists, so that code
> that consumes the count doesn't need to worry about extreme edge cases.
> Enforcing the limit during the initial checks fixes a flaw on 32-bit KVM
> where a sufficiently high @count could lead to overflow:
>
> arch/x86/kvm/vmx/nested.c:834 nested_vmx_check_msr_switch()
> warn: potential user controlled sizeof overflow 'addr + count * 16' '0-u64max + 16-68719476720'
>
> [...]

Applied to kvm-x86 vmx, thanks!

[1/1] KVM: nVMX: Check MSR load/store list counts during VM-Enter consistency checks
https://github.com/kvm-x86/linux/commit/17a2c62fbf1e

--
https://github.com/kvm-x86/linux/tree/next

Next message: Sean Christopherson: "Re: [PATCH 1/2] KVM: x86: Use asm_inline() instead of asm() in kvm_hypercall[0-4]()"
Previous message: Sean Christopherson: "Re: [PATCH v2] KVM: SVM: Fix SNP AP destroy race with VMRUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]