From patchwork Sat Oct 18 11:56:54 2014
X-Patchwork-Submitter: Marc Zyngier
X-Patchwork-Id: 39004
From: Marc Zyngier
To: Gleb Natapov, Paolo Bonzini
Cc: linux-arm-kernel@lists.infradead.org, Christoffer Dall, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, Ard Biesheuvel
Subject: [PATCH 04/12] arm/arm64: KVM: fix potential NULL dereference in user_mem_abort()
Date: Sat, 18 Oct 2014 12:56:54 +0100
Message-Id: <1413633422-14907-5-git-send-email-marc.zyngier@arm.com>
In-Reply-To: <1413633422-14907-1-git-send-email-marc.zyngier@arm.com>
References: <1413633422-14907-1-git-send-email-marc.zyngier@arm.com>

From: Ard Biesheuvel

Handle the potential NULL return value of find_vma_intersection()
before dereferencing it.

Acked-by: Marc Zyngier
Signed-off-by: Ard Biesheuvel
Signed-off-by: Christoffer Dall
--- arch/arm/kvm/mmu.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c index 8f0c7a4..bb2e110 100644 --- a/arch/arm/kvm/mmu.c +++ b/arch/arm/kvm/mmu.c @@ -776,6 +776,12 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, /* Let's check if we will get back a huge page backed by hugetlbfs */ down_read(¤t->mm->mmap_sem); vma = find_vma_intersection(current->mm, hva, hva + 1); + if (unlikely(!vma)) { + kvm_err("Failed to find VMA for hva 0x%lx\n", hva); + up_read(¤t->mm->mmap_sem); + return -EFAULT; + } + if (is_vm_hugetlb_page(vma)) { hugetlb = true; gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
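
Review bot: the kvm_err() in the new `if (unlikely(!vma))` branch prints on every fault that reaches it, so if this path can be hit repeatedly (for example when the mapping backing the faulting hva has been removed while the guest keeps touching it), the kernel log fills with one "Failed to find VMA" line per fault. A rate-limited print such as pr_err_ratelimited(), or a debug-level message, would keep the diagnostic without letting the fault rate drive the log rate. The early return itself looks right: up_read() is called on mmap_sem before `return -EFAULT`, so it pairs with the down_read() above and the semaphore is not leaked. The commit message would also be stronger if it said when find_vma_intersection() can return NULL here, so readers can tell whether -EFAULT is reporting a userspace setup error or a race with an unmap.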