]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d29bf2c)
KVM: selftests: Test max vCPU IDs corner cases
authorMathias Krause <minipli@grsecurity.net>
Fri, 14 Jun 2024 20:28:58 +0000 (22:28 +0200)
committerSean Christopherson <seanjc@google.com>
Tue, 18 Jun 2024 16:03:52 +0000 (09:03 -0700)
The KVM_CREATE_VCPU ioctl ABI had an implicit integer truncation bug,
allowing 2^32 aliases for a vCPU ID by setting the upper 32 bits of a 64
bit ioctl() argument.

It also allowed excluding a once set boot CPU ID.

Verify this no longer works and gets rejected with an error.

Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240614202859.3597745-5-minipli@grsecurity.net
[sean: tweak assert message+comment for 63:32!=0 testcase]
Signed-off-by: Sean Christopherson <seanjc@google.com>
tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c patch | blob | blame | history

diff --git a/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c b/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
index 3cc4b86832fea00312b87b13ace3e6762873253e..7e2bfb3c3f3ba0004f892bd72f53ddf6cf1e6d50 100644 (file)
--- a/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
+++ b/tools/testing/selftests/kvm/x86_64/max_vcpuid_cap_test.c
@@ -26,19 +26,37 @@ int main(int argc, char *argv[])
        TEST_ASSERT(ret < 0,
                    "Setting KVM_CAP_MAX_VCPU_ID beyond KVM cap should fail");
 
+       /* Test BOOT_CPU_ID interaction (MAX_VCPU_ID cannot be lower) */
+       if (kvm_has_cap(KVM_CAP_SET_BOOT_CPU_ID)) {
+               vm_ioctl(vm, KVM_SET_BOOT_CPU_ID, (void *)MAX_VCPU_ID);
+
+               /* Try setting KVM_CAP_MAX_VCPU_ID below BOOT_CPU_ID */
+               ret = __vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID - 1);
+               TEST_ASSERT(ret < 0,
+                           "Setting KVM_CAP_MAX_VCPU_ID below BOOT_CPU_ID should fail");
+       }
+
        /* Set KVM_CAP_MAX_VCPU_ID */
        vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID);
 
-
        /* Try to set KVM_CAP_MAX_VCPU_ID again */
        ret = __vm_enable_cap(vm, KVM_CAP_MAX_VCPU_ID, MAX_VCPU_ID + 1);
        TEST_ASSERT(ret < 0,
                    "Setting KVM_CAP_MAX_VCPU_ID multiple times should fail");
 
-       /* Create vCPU with id beyond KVM_CAP_MAX_VCPU_ID cap*/
+       /* Create vCPU with id beyond KVM_CAP_MAX_VCPU_ID cap */
        ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)MAX_VCPU_ID);
        TEST_ASSERT(ret < 0, "Creating vCPU with ID > MAX_VCPU_ID should fail");
 
+       /* Create vCPU with bits 63:32 != 0, but an otherwise valid id */
+       ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)(1L << 32));
+       TEST_ASSERT(ret < 0, "Creating vCPU with ID[63:32] != 0 should fail");
+
+       /* Create vCPU with id within bounds */
+       ret = __vm_ioctl(vm, KVM_CREATE_VCPU, (void *)0);
+       TEST_ASSERT(ret >= 0, "Creating vCPU with ID 0 should succeed");
+
+       close(ret);
        kvm_vm_free(vm);
        return 0;
 }
A mirror of Linus' kernel repository