KVM: Validate userspace_addr of memslot when registered (fa3d315a) · Commits · e / devices / android_kernel_sony_msm8994

arch/x86/kvm/paging_tmpl.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -185,7 +185,7 @@ walk:
		}

		ptep_user = (pt_element_t __user )((void )host_addr + offset);
		if (unlikely(copy_from_user(&pte, ptep_user, sizeof(pte)))) {
		if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) {
		present = false;
		break;
		}

+5 −2

Original line number	Diff line number	Diff line
		@@ -648,7 +648,10 @@ int __kvm_set_memory_region(struct kvm *kvm,
		goto out;
		if (mem->guest_phys_addr & (PAGE_SIZE - 1))
		goto out;
		if (user_alloc && (mem->userspace_addr & (PAGE_SIZE - 1)))
		/* We can read the guest memory with __xxx_user() later on. */
		if (user_alloc &&
		((mem->userspace_addr & (PAGE_SIZE - 1)) \|\|
		!access_ok(VERIFY_WRITE, mem->userspace_addr, mem->memory_size)))
		goto out;
		if (mem->slot >= KVM_MEMORY_SLOTS + KVM_PRIVATE_MEM_SLOTS)
		goto out;
		@@ -1283,7 +1286,7 @@ int kvm_read_guest_page(struct kvm kvm, gfn_t gfn, void data, int offset,
		addr = gfn_to_hva(kvm, gfn);
		if (kvm_is_error_hva(addr))
		return -EFAULT;
		r = copy_from_user(data, (void __user *)addr + offset, len);
		r = __copy_from_user(data, (void __user *)addr + offset, len);
		if (r)
		return -EFAULT;
		return 0;