Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp421094rdf; Fri, 3 Nov 2023 05:01:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGQXh0V+osFKCqpImsr59i2I6ao4/OlzcVLQHiUyZOkF+x8g/qZlsh5ITZ2bJwsFOru6vaE X-Received: by 2002:a05:6a00:3a96:b0:6c1:6695:a6e0 with SMTP id fk22-20020a056a003a9600b006c16695a6e0mr9551453pfb.23.1699012914604; Fri, 03 Nov 2023 05:01:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1699012914; cv=none; d=google.com; s=arc-20160816; b=E6DkoZqf7CM9ic0Xl4yJboKKdidOmPxppASvqVLbDfixHkxRI03Zv8a9BPY/tew/si ScnDm35WnYOLT1CZK8e7hQUy7WVYUdcT7qOvFsJrYi6DLps8nV8qH3HcSAgWUqMyj0iF vI496Y07KC6tAZmzK/zW1JA7m2+9tQxAULBLCD3jfNgSJK632xCufXLm9MxzVYaOcdWA MQ7g2yzDoC4uztchaotbdbQ1xPYo13vVS6PlwejgdvA6G++U/L/ihAQUaOtZeZZSDB4t leoHjtt8t4nt/6oDwdDO1bm1u4vMGWJyyProwKTfzztA1gPaYUw7XnmfBzfnGml4LuGy xfFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=tXdWCP6IvP9CCfwXmUw4Ls+/FsbFNc7XchVYpI+k12M=; fh=6NNJzA58rWVT21mpuxHxFdi2k1DNsWRTMsNu9AkIqPc=; b=JVWuCWzw5Z14CdebsoYm5ahXIl3x25y8k8ICrS9zgNv1CLMTt8ayZmAnz3Eznqo709 ca5nvmjwa0Ks0mxZpL5U4JdXbV0dEf7COYgCbN9o4rk0T375Jwr09zKgLZ/7PYqmOVls y+xws1LEixu+o9xPwVo4aDFErOzoHc6mxzskBhOzbRIRROPM69kN5Dem1bCKRjP3nTND vhSP109M15dVV102Qy/Y+JBYDmHsH1JuC4uyn2ZY8Zs7RCH98p0wob+w6z0o89mPCeVm Qggxh4jBSw1OgAHyCQGLBCsHV75qDMfgUFKzNVZDiZtoPADUDi532TFFRNjxdsUjIkTP G8OA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=fkRnU2AQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id u63-20020a637942000000b0059fa3d2e560si1334905pgc.298.2023.11.03.05.01.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Nov 2023 05:01:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=fkRnU2AQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 02B3A8293C5E; Fri, 3 Nov 2023 05:01:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345837AbjKCMBl (ORCPT + 99 others); Fri, 3 Nov 2023 08:01:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229486AbjKCMBj (ORCPT ); Fri, 3 Nov 2023 08:01:39 -0400 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 207F4D43; Fri, 3 Nov 2023 05:01:37 -0700 (PDT) Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3A3BoWgF001467; Fri, 3 Nov 2023 12:01:04 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=date : from : to : cc : subject : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=pp1; bh=tXdWCP6IvP9CCfwXmUw4Ls+/FsbFNc7XchVYpI+k12M=; b=fkRnU2AQOs8UXqSZ8FzeKzIT7YiBvbKlR1WP4dBqOUqFh+mAgk8gcdGJF5hRFzeCyr57 BGre8D7yDAKHa0RQRgOJw8lYT6C79AMkUYCFuTDvV1rw/gr6fYuAAGJ+hNMM+1P+BzZi iYi/qwaY3r8Ba1CB4FeR2w9SuSbutR7JyYrfEu3cOTLvPmbc1cnuE7EZOmychgOgZR3s kyXmnYtOER5blCxPw1e7AmSPIut+olNzQRcXu5IixBDavUK76ZroJPQAW/1JaDZ5NWvW VQaVOUQulElI0zvOxymqIAOrIqYkOTB3/1F4dRjKWROrP2qtSWrbPKpCi9i6K+AQTSGY wA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u50bb09hf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 03 Nov 2023 12:01:02 +0000 Received: from m0356516.ppops.net (m0356516.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 3A3BpISY003056; Fri, 3 Nov 2023 12:00:47 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3u50bb09a2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 03 Nov 2023 12:00:46 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3A39GltY007674; Fri, 3 Nov 2023 12:00:41 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3u1dmp5qw5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 03 Nov 2023 12:00:41 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3A3C0ci735783114 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 3 Nov 2023 12:00:38 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E9B3520043; Fri, 3 Nov 2023 12:00:37 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A204A20040; Fri, 3 Nov 2023 12:00:37 +0000 (GMT) Received: from p-imbrenda (unknown [9.152.224.66]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 3 Nov 2023 12:00:37 +0000 (GMT) Date: Fri, 3 Nov 2023 12:55:37 +0100 From: Claudio Imbrenda To: Philipp Stanner Cc: Christian Borntraeger , Janosch Frank , David Hildenbrand , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Sven Schnelle , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , kvm@vger.kernel.org, linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Airlie Subject: Re: [PATCH 2/3] arch/s390/kvm: copy userspace-array safely Message-ID: <20231103125537.037bb8c5@p-imbrenda> In-Reply-To: <20231102181526.43279-3-pstanner@redhat.com> References: <20231102181526.43279-1-pstanner@redhat.com> <20231102181526.43279-3-pstanner@redhat.com> Organization: IBM X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: dvPBF6m8S3gwk57u1Rzys3oxgSAuDOic X-Proofpoint-GUID: EmI6eegtLK_AUBAz3S7z00xHUhVjhFQV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-03_12,2023-11-02_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 lowpriorityscore=0 suspectscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 mlxlogscore=999 clxscore=1011 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2310240000 definitions=main-2311030100 X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Fri, 03 Nov 2023 05:01:52 -0700 (PDT) On Thu, 2 Nov 2023 19:15:25 +0100 Philipp Stanner wrote: > guestdbg.c utilizes memdup_user() to copy a userspace array. This, > currently, does not check for an overflow. > > Use the new wrapper memdup_array_user() to copy the array more safely. > > Suggested-by: Dave Airlie > Signed-off-by: Philipp Stanner Acked-by: Claudio Imbrenda > --- > arch/s390/kvm/guestdbg.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c > index 3765c4223bf9..80879fc73c90 100644 > --- a/arch/s390/kvm/guestdbg.c > +++ b/arch/s390/kvm/guestdbg.c > @@ -213,8 +213,8 @@ int kvm_s390_import_bp_data(struct kvm_vcpu *vcpu, > else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT) > return -EINVAL; > > - bp_data = memdup_user(dbg->arch.hw_bp, > - sizeof(*bp_data) * dbg->arch.nr_hw_bp); > + bp_data = memdup_array_user(dbg->arch.hw_bp, dbg->arch.nr_hw_bp, > + sizeof(*bp_data)); > if (IS_ERR(bp_data)) > return PTR_ERR(bp_data); >