From: Alexey Kardashevskiy <aik@ozlabs.ru>
Date: Mon, 14 May 2018 10:00:29 +0000 (+1000)
Subject: KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters
X-Git-Tag: v4.18-rc1~12^2~1^2~57
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=e45719af1caff16dbc0f6bf7bbfbc5e7a54738a5;p=linux-block.git

KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters

Although it does not seem possible to break the host by passing bad
parameters when creating a TCE table in KVM, it is still better to get
an early clear indication of that than debugging weird effect this might
bring.

This adds some sanity checks that the page size is 4KB..16GB as this is
what the actual LoPAPR supports and that the window actually fits 64bit
space.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---

diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c
index 984f1978a19c..80ead383d8ee 100644
--- a/arch/powerpc/kvm/book3s_64_vio.c
+++ b/arch/powerpc/kvm/book3s_64_vio.c
@@ -300,7 +300,8 @@ long kvm_vm_ioctl_create_spapr_tce(struct kvm *kvm,
 	int ret = -ENOMEM;
 	int i;
 
-	if (!args->size)
+	if (!args->size || args->page_shift < 12 || args->page_shift > 34 ||
+		(args->offset + args->size > (ULLONG_MAX >> args->page_shift)))
 		return -EINVAL;
 
 	size = _ALIGN_UP(args->size, PAGE_SIZE >> 3);