Commit d38ea957 authored by Sean Christopherson, committed by Paolo Bonzini

KVM: x86: Bug the VM on an out-of-bounds data read



Bug the VM and terminate emulation if an out-of-bounds read into the
emulator's data cache occurs.  Knowingly continuing on all but guarantees
that KVM will overwrite random kernel data, which is far, far worse than
killing the VM.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220526210817.3428868-9-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 49a1431d
+2 −1
@@ -1373,7 +1373,8 @@ static int read_emulated(struct x86_emulate_ctxt *ctxt,
	if (mc->pos < mc->end)
		goto read_cached;

	WARN_ON((mc->end + size) >= sizeof(mc->data));
	if (KVM_EMULATOR_BUG_ON((mc->end + size) >= sizeof(mc->data), ctxt))
		return X86EMUL_UNHANDLEABLE;

	rc = ctxt->ops->read_emulated(ctxt, addr, mc->data + mc->end, size,
				      &ctxt->exception);
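
Review bot: The bound in `KVM_EMULATOR_BUG_ON((mc->end + size) >= sizeof(mc->data), ctxt)` is carried over unchanged from the old `WARN_ON` and uses `>=`, so a read that ends exactly at the end of the buffer (`mc->end + size == sizeof(mc->data)`) is treated as out of bounds even though `size` bytes written at `mc->data + mc->end` would still fit. That was harmless while the check only warned, but the same condition now returns `X86EMUL_UNHANDLEABLE` and bugs the VM, so a conservative off-by-one becomes a guest-fatal outcome. Either change the comparison to `>` or add a comment stating why the last byte of `mc->data` is kept in reserve. It would also help to note in the commit message that the new path returns before `ctxt->ops->read_emulated()` is called, since that early return is what actually prevents the overwrite the message describes.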