KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX
author Thomas Huth <thuth@redhat.com>
Wed, 8 Feb 2023 14:01:03 +0000 (15:01 +0100)
committer Paolo Bonzini <pbonzini@redhat.com>
Thu, 16 Mar 2023 14:18:06 +0000 (10:18 -0400)
commit 2def950c63e3f976af87a2606dabe0c9e21c605b
tree 968aaa0c6cf6f28e2df147e842e21ab13c230756
parent c5edd753a0bd6243a597f5199c227a50457ee179
KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX

In case of success, this function returns the number of handled bytes.
However, this does not work for large values: the function is called
from kvm_arch_vm_ioctl() (which still returns a long), which in turn
is called from kvm_vm_ioctl() in virt/kvm/kvm_main.c. And that function
stores the return value in an "int r" variable. So the upper 32 bits
of the "long" return value are lost there.

KVM ioctl functions should only return "int" values, so let's limit
the number of bytes that can be requested here to INT_MAX to avoid
the problem with the truncated return value. We can then also change
the return type of the function to "int" to make it clearer that it
is not possible to return a "long" here.

Fixes: f0376edb1ddc ("KVM: arm64: Add ioctl to fetch/store tags in a guest")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Message-Id: <20230208140105.655814-5-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
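A constructed model of the call chain the commit message describes, added here as an example and not the kernel's code: `mte_copy_tags_before()` stands in for the old long-returning handler, `mte_copy_tags_after()` for the fixed int-returning one with the INT_MAX guard, and `vm_ioctl_*()` for the caller that stores the result in an `int r`. The function names and the 4 GiB + 16 byte request are assumptions made for the demonstration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the functions named in the commit message;
 * they model the return-type mismatch, not the real tag copying. */

/* Before the fix: the handler reports the handled byte count as a long,
 * so on a 64-bit kernel the value can exceed INT_MAX. */
static long mte_copy_tags_before(uint64_t length)
{
	return (long)length;	/* pretend every byte was handled */
}

/* After the fix: requests that cannot be represented in an int are
 * rejected up front, so the handler can honestly return int. */
static int mte_copy_tags_after(uint64_t length)
{
	if (length > INT_MAX)
		return -EINVAL;
	return (int)length;
}

/* Model of kvm_vm_ioctl() keeping the result in "int r": the long is
 * silently narrowed, dropping the upper 32 bits. */
static int vm_ioctl_before(uint64_t length)
{
	int r = mte_copy_tags_before(length);
	return r;
}

/* Same caller after the fix: nothing to narrow any more. */
static int vm_ioctl_after(uint64_t length)
{
	int r = mte_copy_tags_after(length);
	return r;
}

int main(void)
{
	uint64_t big = ((uint64_t)1 << 32) | 16;	/* 4 GiB + 16 bytes */

	printf("before: requested %llu bytes, caller sees %d\n",
	       (unsigned long long)big, vm_ioctl_before(big));
	printf("after:  requested %llu bytes, caller sees %d (-EINVAL)\n",
	       (unsigned long long)big, vm_ioctl_after(big));
	return 0;
}
```

With the old return type the caller is told that 16 bytes were handled when 4 GiB + 16 were requested; with the guard the oversized request is refused as -EINVAL instead.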
Documentation/virt/kvm/api.rst
arch/arm64/include/asm/kvm_host.h
arch/arm64/kvm/guest.c