diff mbox series

[5.10,02/99] KVM: downgrade two BUG_ONs to WARN_ON_ONCE

Message ID	20211220143029.436400411@linuxfoundation.org
State	New
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>, Sasha Levin <sashal@kernel.org> Subject: [PATCH 5.10 02/99] KVM: downgrade two BUG_ONs to WARN_ON_ONCE Date: Mon, 20 Dec 2021 15:33:35 +0100 Message-Id: <20211220143029.436400411@linuxfoundation.org> In-Reply-To: <20211220143029.352940568@linuxfoundation.org> References: <20211220143029.352940568@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.10,02/99] KVM: downgrade two BUG_ONs to WARN_ON_ONCE [5.10,03/99] mac80211: fix regression in SSN handling of addba tx [5.10,04/99] mac80211: mark TX-during-stop for TX in in_reconfig [5.10,05/99] mac80211: send ADDBA requests using the tid/queue of the aggregation session [5.10,06/99] mac80211: validate extended element ID is present [5.10,07/99] firmware: arm_scpi: Fix string overflow in SCPI genpd driver [5.10,08/99] bpf: Fix signed bounds propagation after mov32 [5.10,09/99] bpf: Make 32->64 bounds propagation slightly more robust [5.10,10/99] bpf, selftests: Add test case trying to taint map value pointer [5.10,11/99] virtio_ring: Fix querying of maximum DMA mapping size for virtio device [5.10,12/99] vdpa: check that offsets are within bounds [5.10,13/99] recordmcount.pl: look for jgnop instruction as well as bcrl on s390 [5.10,14/99] dm btree remove: fix use after free in rebalance_children() [5.10,15/99] audit: improve robustness of the audit queue handling [5.10,16/99] arm64: dts: imx8m: correct assigned clocks for FEC [5.10,17/99] arm64: dts: imx8mp-evk: Improve the Ethernet PHY description [5.10,18/99] arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge [5.10,19/99] arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply [5.10,20/99] arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply [5.10,21/99] arm64: dts: rockchip: fix audio-supply for Rock Pi 4 [5.10,22/99] mac80211: track only QoS data frames for admission control [5.10,23/99] hv: utils: add PTP_1588_CLOCK to Kconfig to fix build [5.10,24/99] tee: amdtee: fix an IS_ERR() vs NULL bug [5.10,25/99] ceph: fix duplicate increment of opened_inodes metric [5.10,26/99] ceph: initialize pathlen variable in reconnect_caps_cb [5.10,27/99] ARM: socfpga: dts: fix qspi node compatible [5.10,28/99] clk: Dont parent clks until the parent is fully registered [5.10,29/99] soc: imx: Register SoC device only on i.MX boards [5.10,30/99] virtio/vsock: fix the transport to work with VMADDR_CID_ANY [5.10,31/99] selftests: net: Correct ping6 expected rc from 2 to 1 [5.10,32/99] s390/kexec_file: fix error handling when applying relocations [5.10,33/99] sch_cake: do not call cake_destroy() from cake_init() [5.10,34/99] inet_diag: fix kernel-infoleak for UDP sockets [5.10,35/99] net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg [5.10,36/99] selftests: Add duplicate config only for MD5 VRF tests [5.10,37/99] selftests: Fix raw socket bind tests with VRF [5.10,38/99] selftests: Fix IPv6 address bind tests [5.10,39/99] dmaengine: st_fdma: fix MODULE_ALIAS [5.10,40/99] net/sched: sch_ets: dont remove idle classes from the round-robin list [5.10,41/99] selftest/net/forwarding: declare NETIFS p9 p10 [5.10,42/99] drm/ast: potential dereference of null pointer [5.10,43/99] mac80211: agg-tx: dont schedule_and_wake_txq() under sta->lock [5.10,44/99] mac80211: fix lookup when adding AddBA extension element [5.10,45/99] flow_offload: return EOPNOTSUPP for the unsupported mpls action type [5.10,46/99] rds: memory leak in __rds_conn_create() [5.10,47/99] drm/amd/pm: fix a potential gpu_metrics_table memory leak [5.10,48/99] mptcp: clear kern flag from fallback sockets [5.10,49/99] soc/tegra: fuse: Fix bitwise vs. logical OR warning [5.10,50/99] igb: Fix removal of unicast MAC filters of VFs [5.10,51/99] igbvf: fix double free in `igbvf_probe` [5.10,52/99] igc: Fix typo in i225 LTR functions [5.10,53/99] ixgbe: Document how to enable NBASE-T support [5.10,54/99] ixgbe: set X550 MDIO speed before talking to PHY [5.10,55/99] netdevsim: Zero-initialize memory for new maps value in function nsim_bpf_map_alloc [5.10,56/99] net/packet: rx_owner_map depends on pg_vec [5.10,57/99] sfc_ef100: potential dereference of null pointer [5.10,58/99] net: Fix double 0x prefix print in SKB dump [5.10,59/99] net/smc: Prevent smc_release() from long blocking [5.10,60/99] net: systemport: Add global locking for descriptor lifecycle [5.10,61/99] sit: do not call ipip6_dev_free() from sit_init_net() [5.10,62/99] bpf, selftests: Fix racing issue in btf_skc_cls_ingress test [5.10,63/99] powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n [5.10,64/99] USB: gadget: bRequestType is a bitfield, not a enum [5.10,65/99] Revert "usb: early: convert to readl_poll_timeout_atomic()" [5.10,66/99] KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILI... [5.10,67/99] tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous [5.10,68/99] USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) [5.10,69/99] usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe [5.10,70/99] PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error [5.10,71/99] PCI/MSI: Mask MSI-X vectors only on success [5.10,72/99] usb: xhci: Extend support for runtime power management for AMDs Yellow carp. [5.10,73/99] USB: serial: cp210x: fix CP2105 GPIO registration [5.10,74/99] USB: serial: option: add Telit FN990 compositions [5.10,75/99] btrfs: fix memory leak in __add_inode_ref() [5.10,76/99] btrfs: fix double free of anon_dev after failure to create subvolume [5.10,77/99] zonefs: add MODULE_ALIAS_FS [5.10,78/99] iocost: Fix divide-by-zero on donation from low hweight cgroup [5.10,79/99] serial: 8250_fintek: Fix garbled text for console [5.10,80/99] timekeeping: Really make sure wall_to_monotonic isnt positive [5.10,81/99] libata: if T_LENGTH is zero, dma direction should be DMA_NONE [5.10,82/99] drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE [5.10,83/99] Input: touchscreen - avoid bitwise vs logical OR warning [5.10,84/99] ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name [5.10,85/99] xsk: Do not sleep in poll() when need_wakeup set [5.10,86/99] media: mxl111sf: change mutex_init() location [5.10,87/99] fuse: annotate lock in fuse_reverse_inval_entry() [5.10,88/99] ovl: fix warning in ovl_create_real() [5.10,89/99] scsi: scsi_debug: Dont call kcalloc() if size arg is zero [5.10,90/99] scsi: scsi_debug: Fix type in min_t to avoid stack OOB [5.10,91/99] scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() [5.10,92/99] rcu: Mark accesses to rcu_state.n_force_qs [5.10,93/99] bus: ti-sysc: Fix variable set but not used warning for reinit_modules [5.10,94/99] Revert "xsk: Do not sleep in poll() when need_wakeup set" [5.10,95/99] xen/blkfront: harden blkfront against event channel storms [5.10,96/99] xen/netfront: harden netfront against event channel storms [5.10,97/99] xen/console: harden hvc_xen against event channel storms [5.10,98/99] xen/netback: fix rx queue stall detection [5.10,99/99] xen/netback: dont queue unlimited number of packages

Commit Message

Greg Kroah-Hartman Dec. 20, 2021, 2:33 p.m. UTC

From: Paolo Bonzini <pbonzini@redhat.com>

[ Upstream commit 5f25e71e311478f9bb0a8ef49e7d8b95316491d7 ]

This is not an unrecoverable situation.  Users of kvm_read_guest_offset_cached
and kvm_write_guest_offset_cached must expect the read/write to fail, and
therefore it is possible to just return early with an error value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 virt/kvm/kvm_main.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff mbox series

Patch

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 97ac3c6fd4441..4a7d377b3a500 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2590,7 +2590,8 @@  int kvm_write_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
 	int r;
 	gpa_t gpa = ghc->gpa + offset;
 
-	BUG_ON(len + offset > ghc->len);
+	if (WARN_ON_ONCE(len + offset > ghc->len))
+		return -EINVAL;
 
 	if (slots->generation != ghc->generation) {
 		if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len))
@@ -2627,7 +2628,8 @@  int kvm_read_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
 	int r;
 	gpa_t gpa = ghc->gpa + offset;
 
-	BUG_ON(len + offset > ghc->len);
+	if (WARN_ON_ONCE(len + offset > ghc->len))
+		return -EINVAL;
 
 	if (slots->generation != ghc->generation) {
 		if (__kvm_gfn_to_hva_cache_init(slots, ghc, ghc->gpa, ghc->len))