KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating (11b79f83) · Commits · git / linux-net

arch/x86/kvm/vmx/tdx.c

+7 −11

Original line number	Diff line number	Diff line
		@@ -2224,23 +2224,19 @@ static int tdx_get_capabilities(struct kvm_tdx_cmd *cmd)
		if (cmd->flags)
		return -EINVAL;

		user_caps = u64_to_user_ptr(cmd->data);
		if (get_user(nr_user_entries, &user_caps->cpuid.nent))
		return -EFAULT;

		if (nr_user_entries < td_conf->num_cpuid_config)
		return -E2BIG;

		caps = kzalloc(sizeof(*caps) +
		sizeof(struct kvm_cpuid_entry2) * td_conf->num_cpuid_config,
		GFP_KERNEL);
		if (!caps)
		return -ENOMEM;

		user_caps = u64_to_user_ptr(cmd->data);
		if (get_user(nr_user_entries, &user_caps->cpuid.nent)) {
		ret = -EFAULT;
		goto out;
		}

		if (nr_user_entries < td_conf->num_cpuid_config) {
		ret = -E2BIG;
		goto out;
		}

		ret = init_kvm_tdx_caps(td_conf, caps);
		if (ret)
		goto out;