Reply-To: Sean Christopherson
Date: Thu, 7 Oct 2021 16:16:47 -0700
Message-Id: <20211007231647.3553604-1-seanjc@google.com>
Subject: [PATCH] KVM: x86: Account for 32-bit kernels when handling address in TSC attrs
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Oliver Upton

When handling TSC attributes, cast the userspace provided virtual address
to an unsigned long before casting it to a pointer to fix warnings on
32-bit kernels due to casting a 64-bit integer to a 32-bit pointer.

Add a check that the truncated address matches the original address, e.g.
to prevent userspace specifying garbage in bits 63:32.

  arch/x86/kvm/x86.c: In function ‘kvm_arch_tsc_get_attr’:
  arch/x86/kvm/x86.c:4947:22: error: cast to pointer from integer of different size
   4947 |  u64 __user *uaddr = (u64 __user *)attr->addr;
        |                      ^
  arch/x86/kvm/x86.c: In function ‘kvm_arch_tsc_set_attr’:
  arch/x86/kvm/x86.c:4967:22: error: cast to pointer from integer of different size
   4967 |  u64 __user *uaddr = (u64 __user *)attr->addr;
        |                      ^

Cc: Oliver Upton
Fixes: 469fde25e680 ("KVM: x86: Expose TSC offset controls to userspace")
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/x86.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 196ac33ef958..4a52a08707de 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4944,9 +4944,12 @@ static int kvm_arch_tsc_has_attr(struct kvm_vcpu *vc= pu, static int kvm_arch_tsc_get_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr) { - u64 __user *uaddr =3D (u64 __user *)attr->addr; + u64 __user *uaddr =3D (u64 __user *)(unsigned long)attr->addr; int r; =20 + if ((u64)(unsigned long)uaddr !=3D attr->addr) + return -EFAULT; + switch (attr->attr) { case KVM_VCPU_TSC_OFFSET: r =3D -EFAULT; 
@@ -4964,10 +4967,13 @@ static int kvm_arch_tsc_get_attr(struct kvm_vcpu *v= cpu, static int kvm_arch_tsc_set_attr(struct kvm_vcpu *vcpu, struct kvm_device_attr *attr) { - u64 __user *uaddr =3D (u64 __user *)attr->addr; + u64 __user *uaddr =3D (u64 __user *)(unsigned long)attr->addr; struct kvm *kvm =3D vcpu->kvm; int r; =20 + if ((u64)(unsigned long)uaddr !=3D attr->addr) + return -EFAULT; + switch (attr->attr) { case KVM_VCPU_TSC_OFFSET: { u64 offset, tsc, ns; --=20 2.33.0.882.g93a45727a2-goog
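
Review bot: In kvm_arch_tsc_get_attr() the new check `(u64)(unsigned long)uaddr != attr->addr` carries no comment, and on a 64-bit kernel it can never be true, so a reader of x86.c will not see why it exists. A one-line comment saying that it rejects addresses with bits 63:32 set on 32-bit kernels, as the commit message explains, would help. Because the check sits before `switch (attr->attr)`, a request with an unrecognised attribute and a non-representable address now fails with -EFAULT rather than with whatever the switch's default case returns; that case is not visible in this hunk, so it is worth confirming the ordering is intended.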
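
Review bot: The cast-and-compare pair added at the top of kvm_arch_tsc_set_attr() is a verbatim copy of the one added to kvm_arch_tsc_get_attr() in the previous hunk. Factoring it into a small static helper that takes `attr` and returns the `u64 __user *` or an error would keep the two paths from drifting apart and give the truncation check a single place for its comment.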