
Commit 8d2aec3

committed
KVM: x86: use u64_to_user_ptr()
There is no danger to the kernel if 32-bit userspace provides a 64-bit value that has the high bits set, but for whatever reason happens to resolve to an address that has something mapped there. KVM uses the checked version of get_user() and put_user(), so any faults are caught properly. Suggested-by: Sean Christopherson <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]> Message-ID: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
1 parent 0d7bf5e commit 8d2aec3


1 file changed

+3
-21
lines changed


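--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4842,25 +4842,13 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 return r;
 }
 
-static inline void __user *kvm_get_attr_addr(struct kvm_device_attr *attr)
-{
-void __user *uaddr = (void __user*)(unsigned long)attr->addr;
-
-if ((u64)(unsigned long)uaddr != attr->addr)
-return ERR_PTR_USR(-EFAULT);
-return uaddr;
-}
-
 static int kvm_x86_dev_get_attr(struct kvm_device_attr *attr)
 {
-u64 __user *uaddr = kvm_get_attr_addr(attr);
+u64 __user *uaddr = u64_to_user_ptr(attr->addr);
 
 if (attr->group)
 return -ENXIO;
 
-if (IS_ERR(uaddr))
-return PTR_ERR(uaddr);
-
 switch (attr->attr) {
 case KVM_X86_XCOMP_GUEST_SUPP:
 if (put_user(kvm_caps.supported_xcr0, uaddr))
@@ -5712,12 +5700,9 @@ static int kvm_arch_tsc_has_attr(struct kvm_vcpu *vcpu,
 static int kvm_arch_tsc_get_attr(struct kvm_vcpu *vcpu,
 struct kvm_device_attr *attr)
 {
-u64 __user *uaddr = kvm_get_attr_addr(attr);
+u64 __user *uaddr = u64_to_user_ptr(attr->addr);
 int r;
 
-if (IS_ERR(uaddr))
-return PTR_ERR(uaddr);
-
 switch (attr->attr) {
 case KVM_VCPU_TSC_OFFSET:
 r = -EFAULT;
@@ -5735,13 +5720,10 @@ static int kvm_arch_tsc_get_attr(struct kvm_vcpu *vcpu,
 static int kvm_arch_tsc_set_attr(struct kvm_vcpu *vcpu,
 struct kvm_device_attr *attr)
 {
-u64 __user *uaddr = kvm_get_attr_addr(attr);
+u64 __user *uaddr = u64_to_user_ptr(attr->addr);
 struct kvm *kvm = vcpu->kvm;
 int r;
 
-if (IS_ERR(uaddr))
-return PTR_ERR(uaddr);
-
 switch (attr->attr) {
 case KVM_VCPU_TSC_OFFSET: {
 u64 offset, tsc, ns;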
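Review bot: The reason it is safe to drop the range check is recorded only in the commit message, so the three `u64_to_user_ptr(attr->addr)` sites carry no hint that they now depend on checked user accessors. Where `unsigned long` is narrower than `u64` the conversion presumably truncates silently, so an `addr` with high bits set would no longer get `-EFAULT` but be resolved against the caller's own address space, which is a userspace-visible change worth stating in the code. Only the `put_user()` in `kvm_x86_dev_get_attr` is visible here; the bodies of `kvm_arch_tsc_get_attr` and `kvm_arch_tsc_set_attr` continue outside the hunks, so it is worth confirming that they use `get_user()`/`put_user()` or `copy_*_user()` and never the unchecked `__get_user()`/`__put_user()` forms. I would add a comment at the first site such as `/* attr->addr is not range-checked; every access through uaddr must use the checked get_user()/put_user(). */`.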
