diff options
author | Sean Christopherson <seanjc@google.com> | 2022-05-26 21:08:10 +0000 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2022-06-10 10:01:29 -0400 |
commit | 61d9c412d0416aa1f7914a732d424a9e8ff24c36 (patch) | |
tree | 7d34c9d08eb4fd7ce25793adcdb208ec6e4efccb /arch/x86/kvm/emulate.c | |
parent | e15f5e6fa6ca1b3baf087314b2541afa935d00e7 (diff) | |
download | lwn-61d9c412d0416aa1f7914a732d424a9e8ff24c36.tar.gz lwn-61d9c412d0416aa1f7914a732d424a9e8ff24c36.zip |
KVM: x86: Grab regs_dirty in local 'unsigned long'
Capture ctxt->regs_dirty in a local 'unsigned long' instead of casting it
to an 'unsigned long *' for use in for_each_set_bit(). The bitops helpers
really do read the entire 'unsigned long', even though the walking of the
read value is capped at the specified size. I.e. 64-bit KVM is reading
memory beyond ctxt->regs_dirty, which is a u32 and thus 4 bytes, whereas
an unsigned long is 8 bytes. Functionally it's not an issue because
regs_dirty is in the middle of x86_emulate_ctxt, i.e. KVM is just reading
its own memory, but relying on that coincidence is gross and unsafe.
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220526210817.3428868-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch/x86/kvm/emulate.c')
-rw-r--r-- | arch/x86/kvm/emulate.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 89b11e7dca8a..7226a127ccb4 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -269,9 +269,10 @@ static ulong *reg_rmw(struct x86_emulate_ctxt *ctxt, unsigned nr) static void writeback_registers(struct x86_emulate_ctxt *ctxt) { + unsigned long dirty = ctxt->regs_dirty; unsigned reg; - for_each_set_bit(reg, (ulong *)&ctxt->regs_dirty, 16) + for_each_set_bit(reg, &dirty, 16) ctxt->ops->write_gpr(ctxt, reg, ctxt->_regs[reg]); } |