Subject: Re: [PATCH RESEND] KVM: X86: Fix stack-out-of-bounds read in
 write_mmio
To: Wanpeng Li <kernellwp@gmail.com>, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org
Cc: =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Wanpeng Li <wanpeng.li@hotmail.com>
References: <1513069078-63339-1-git-send-email-wanpeng.li@hotmail.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <e9adc7ef-37c5-d2e0-ce3d-1aa70c3432f1@redhat.com>
Date: Tue, 12 Dec 2017 17:07:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <1513069078-63339-1-git-send-email-wanpeng.li@hotmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 742
Lines: 25

On 12/12/2017 09:57, Wanpeng Li wrote:
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index bc5d853..51e7932 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -4690,7 +4690,10 @@ static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
>  
>  static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)
>  {
> -	trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, *(u64 *)val);
> +	u64 data = 0;
> +
> +	memcpy(&data, val, min(8, bytes));
> +	trace_kvm_mmio(KVM_TRACE_MMIO_WRITE, bytes, gpa, data);
>  	return vcpu_mmio_write(vcpu, gpa, bytes, val);
>  }
>  
> 

Please do the memcpy in TRACE_EVENT(kvm_mmio)'s TP_fast_assign block.
That is done only when the trace event is active.

Thanks,

Paolo