linux/arch/powerpc/kvm
Nicholas Piggin f62f3c2064 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
The kvmppc_rtas_hcall() sets the host rtas_args.rets pointer based on
the rtas_args.nargs that was provided by the guest. That guest nargs
value is not range checked, so the guest can cause the host rets pointer
to be pointed outside the args array. The individual rtas function
handlers check the nargs and nrets values to ensure they are correct,
but if they are not, the handlers store a -3 (0xfffffffd) failure
indication in rets[0] which corrupts host memory.

Fix this by testing up front whether the guest supplied nargs and nret
would exceed the array size, and fail the hcall directly without storing
a failure indication to rets[0].

Also expand on a comment about why we kill the guest and try not to
return errors directly if we have a valid rets[0] pointer.

Fixes: 8e591cb720 ("KVM: PPC: Book3S: Add infrastructure to implement kernel-side RTAS calls")
Cc: stable@vger.kernel.org # v3.10+
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2021-07-23 16:14:31 +10:00
book3s.c KVM: debugfs: Reuse binary stats descriptors 2021-06-24 18:00:29 -04:00
book3s.h KVM: PPC: Convert to the gfn-based MMU notifier callbacks 2021-04-17 08:31:07 -04:00
book3s_32_mmu.c
book3s_32_mmu_host.c powerpc/32s: move CTX_TO_VSID() into mmu-hash.h 2021-06-17 00:09:08 +10:00
book3s_32_sr.S
book3s_64_entry.S KVM: PPC: Book3S HV P9: implement hash host / hash guest support 2021-06-10 22:12:15 +10:00
book3s_64_mmu.c
book3s_64_mmu_host.c powerpc/kvm: Fix build error when PPC_MEM_KEYS/PPC_PSERIES=n 2021-04-27 10:48:37 +10:00
book3s_64_mmu_hv.c KVM: PPC: Book3S HV: Fix kvm_unmap_gfn_range_hv() for Hash MMU 2021-05-12 11:07:39 +10:00
book3s_64_mmu_radix.c KVM: PPC: Book3S HV: Use H_RPT_INVALIDATE in nested KVM 2021-06-22 23:38:28 +10:00
book3s_64_slb.S
book3s_64_vio.c KVM: PPC: Book3S: Fix symbol undeclared warnings 2020-09-22 11:53:55 +10:00
book3s_64_vio_hv.c KVM: PPC: Book3S HV: Remove virt mode checks from real mode handlers 2021-06-10 22:12:14 +10:00
book3s_emulate.c powerpc/32s: Change mfsrin() into a static inline function 2021-02-09 01:10:15 +11:00
book3s_exports.c
book3s_hv.c KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash 2021-07-17 14:33:17 +10:00
book3s_hv_builtin.c KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and POWER10 processors 2021-06-21 09:22:34 +10:00
book3s_hv_hmi.c
book3s_hv_interrupts.S KVM: PPC: Book3S HV: remove ISA v3.0 and v3.1 support from P7/8 path 2021-06-10 22:12:15 +10:00
book3s_hv_nested.c KVM: PPC: Book3S HV: Workaround high stack usage with clang 2021-06-23 00:18:30 +10:00
book3s_hv_p9_entry.c KVM: PPC: Book3S HV P9: Fix guest TM support 2021-07-15 21:53:37 +10:00
book3s_hv_ras.c KVM: PPC: Book3S HV: Don't attempt to recover machine checks for FWNMI enabled guests 2020-12-04 01:01:23 +11:00
book3s_hv_rm_mmu.c ARM: 2021-06-28 15:40:51 -07:00
book3s_hv_rm_xics.c KVM: PPC: Book3S HV: Remove unused nested HV tests in XICS emulation 2021-06-10 22:12:14 +10:00
book3s_hv_rm_xive.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
book3s_hv_rmhandlers.S KVM: PPC: Book3S HV: remove ISA v3.0 and v3.1 support from P7/8 path 2021-06-10 22:12:15 +10:00
book3s_hv_tm.c
book3s_hv_tm_builtin.c
book3s_hv_uvmem.c Merge branch 'akpm' (patches from Andrew) 2021-06-29 17:29:11 -07:00
book3s_interrupts.S PPC KVM update for 5.9 2020-08-09 13:24:02 -04:00
book3s_mmu_hpte.c
book3s_paired_singles.c KVM: PPC: Clean up redundant 'kvm_run' parameters 2020-05-27 11:39:31 +10:00
book3s_pr.c powerpc updates for 5.14 2021-07-02 12:54:34 -07:00
book3s_pr_papr.c KVM: stats: Separate generic stats from architecture specific ones 2021-06-24 11:47:56 -04:00
book3s_rmhandlers.S powerpc: Replace RFI by rfi on book3s/32 and booke 2020-11-19 16:56:54 +11:00
book3s_rtas.c KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow 2021-07-23 16:14:31 +10:00
book3s_segment.S KVM: PPC: Book3S 64: move bad_host_intr check to HV handler 2021-06-10 22:12:12 +10:00
book3s_xics.c KVM: PPC: Book3S: Assign boolean values to a bool variable 2020-12-15 22:22:06 +11:00
book3s_xics.h
book3s_xive.c Updates for the interrupt subsystem: 2021-06-29 12:25:04 -07:00
book3s_xive.h KVM: PPC: Book3S HV: Remove virt mode checks from real mode handlers 2021-06-10 22:12:14 +10:00
book3s_xive_native.c Updates for the interrupt subsystem: 2021-06-29 12:25:04 -07:00
book3s_xive_template.c powerpc/xive: Remove P9 DD1 flag XIVE_IRQ_FLAG_EOI_FW 2020-12-11 09:53:10 +11:00
booke.c KVM: debugfs: Reuse binary stats descriptors 2021-06-24 18:00:29 -04:00
booke.h KVM: PPC: Clean up redundant 'kvm_run' parameters 2020-05-27 11:39:31 +10:00
booke_emulate.c KVM: PPC: Clean up redundant 'kvm_run' parameters 2020-05-27 11:39:31 +10:00
booke_interrupts.S KVM: PPC: Clean up redundant kvm_run parameters in assembly 2020-07-23 15:50:01 +10:00
bookehv_interrupts.S KVM: PPC: Clean up redundant kvm_run parameters in assembly 2020-07-23 15:50:01 +10:00
e500.c
e500.h
e500_emulate.c KVM: PPC: Clean up redundant 'kvm_run' parameters 2020-05-27 11:39:31 +10:00
e500_mmu.c
e500_mmu_host.c KVM: PPC: Convert to the gfn-based MMU notifier callbacks 2021-04-17 08:31:07 -04:00
e500_mmu_host.h
e500mc.c
emulate.c KVM: PPC: Clean up redundant 'kvm_run' parameters 2020-05-27 11:39:31 +10:00
emulate_loadstore.c MIPS: 2020-06-12 11:05:52 -07:00
fpu.S mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
irq.h
Kconfig powerpc/kvm: Force selection of CONFIG_PPC_FPU 2021-01-30 11:39:32 +11:00
Makefile KVM: stats: Add fd-based API to read binary stats data 2021-06-24 11:47:57 -04:00
mpic.c
powerpc.c KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak 2021-07-17 14:33:18 +10:00
timing.c
timing.h
tm.S
trace.h
trace_book3s.h
trace_booke.h KVM: Move arm64's MMU notifier trace events to generic code 2021-04-17 08:30:56 -04:00
trace_hv.h KVM: PPC: Fix typo on H_DISABLE_AND_GET hcall 2020-07-23 17:43:35 +10:00
trace_pr.h