Commit 7c305d51 authored by Mathias Krause, committed by Sean Christopherson

KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID



Do not accept IDs which are definitely invalid by limit checking the
passed value against KVM_MAX_VCPU_IDS and 'max_vcpu_ids' if it was
already set.

This ensures invalid values, especially on 64-bit systems, don't go
unnoticed and lead to a valid id by chance when truncated by the final
assignment.

Fixes: 73880c80 ("KVM: Break dependency between vcpu index in vcpus array and vcpu_id.")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240614202859.3597745-3-minipli@grsecurity.net
Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
parent 8b8e57e5
+3 −0
@@ -7228,6 +7228,9 @@ int kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
		mutex_lock(&kvm->lock);
		if (kvm->created_vcpus)
			r = -EBUSY;
		else if (arg > KVM_MAX_VCPU_IDS ||
			 (kvm->arch.max_vcpu_ids && arg > kvm->arch.max_vcpu_ids))
			r = -EINVAL;
		else
			kvm->arch.bsp_vcpu_id = arg;
		mutex_unlock(&kvm->lock);
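
Review bot: The two comparisons in the new else-if branch use `>`, so an arg equal to KVM_MAX_VCPU_IDS, or equal to kvm->arch.max_vcpu_ids, is still accepted and stored in bsp_vcpu_id. If these limits are counts of IDs, as their names suggest, the highest usable ID is limit - 1 and `>=` would be the exact bound; if accepting the limit value is intentional, a short comment saying so would save the next reader the question. Separately, the max_vcpu_ids test only applies when that field is already non-zero, so a limit set after this ioctl can end up below the stored bsp_vcpu_id; it is worth confirming that the path which sets max_vcpu_ids rejects that case.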