From: Yang Li
To: pbonzini@redhat.com
Cc: seanjc@google.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Yang Li
Subject: [PATCH] KVM: x86: Fix potential memory access error
Date: Wed, 31 Mar 2021 17:15:22 +0800
Message-Id: <1617182122-112315-1-git-send-email-yang.lee@linux.alibaba.com>
X-Mailer: git-send-email 1.8.3.1
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Using __set_bit() to set a bit in an integer is not a good idea, since
the function expects an unsigned long as argument, which can be 64bit wide.
Coverity reports this problem as

High:Out-of-bounds access(INCOMPATIBLE_CAST)
CWE119: Out-of-bounds access to a scalar
Pointer "&vcpu->arch.regs_avail" points to an object whose effective
type is "unsigned int" (32 bits, unsigned) but is dereferenced as a
wider "unsigned long" (64 bits, unsigned). This may lead to memory
corruption.

/home/heyuan.shy/git-repo/linux/arch/x86/kvm/kvm_cache_regs.h:
kvm_register_is_available

Just use BIT instead.

Reported-by: Abaci Robot
Signed-off-by: Yang Li

--- arch/x86/kvm/kvm_cache_regs.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h index 2e11da2..cfa45d88 100644 --- a/arch/x86/kvm/kvm_cache_regs.h +++ b/arch/x86/kvm/kvm_cache_regs.h 
@@ -52,14 +52,14 @@ static inline bool kvm_register_is_dirty(struct kvm_vcpu *vcpu, static inline void kvm_register_mark_available(struct kvm_vcpu *vcpu, enum kvm_reg reg) { - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); + vcpu->arch.regs_avail |= BIT(reg); } static inline void kvm_register_mark_dirty(struct kvm_vcpu *vcpu, enum kvm_reg reg) { - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); - __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty); + vcpu->arch.regs_avail |= BIT(reg); + vcpu->arch.regs_dirty |= BIT(reg); } static inline unsigned long kvm_register_read(struct kvm_vcpu *vcpu, int reg) -- 1.8.3.1
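
Review bot: The Coverity report quoted in the commit message names kvm_register_is_available, but this hunk only changes the two writers, kvm_register_mark_available() and kvm_register_mark_dirty(); the readers (kvm_register_is_available, and kvm_register_is_dirty shown in the hunk header) are left untouched. If they read regs_avail and regs_dirty through the same (unsigned long *) cast, they still dereference the 32-bit field as a wider type just as the removed __set_bit() lines did, so either convert them in this patch as well (for example by testing the field against BIT(reg)) or state in the commit message why they are out of scope. Separately, BIT(reg) is an unsigned long expression, so "vcpu->arch.regs_avail |= BIT(reg);" narrows implicitly to a field the report describes as unsigned int, and a reg of 32 or more would be dropped silently; a build-time check on the largest enum kvm_reg value, or a short comment stating the bound, would document that assumption.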