git.ipfire.org Git - thirdparty/linux.git/commit

author	David Matlack <dmatlack@google.com>
	Fri, 3 May 2024 18:17:33 +0000 (11:17 -0700)
committer	Sean Christopherson <seanjc@google.com>
	Tue, 18 Jun 2024 16:20:53 +0000 (09:20 -0700)
commit	4b23e0c199b20fa6fe9655b3d0e12d6c6f18c27f
tree	f3dbc70a7e363261110e7bd3cc8af36bccc5556c	tree
parent	a6816314af5749cd88944bfdceb270c627cdf348	commit \| diff

KVM: Ensure new code that references immediate_exit gets extra scrutiny

Ensure that any new KVM code that references immediate_exit gets extra
scrutiny by renaming it to immediate_exit__unsafe in kernel code.

All fields in struct kvm_run are subject to TOCTOU races since they are
mapped into userspace, which may be malicious or buggy. To protect KVM,
introduces a new macro that appends __unsafe to select field names in
struct kvm_run, hinting to developers and reviewers that accessing such
fields must be done carefully.

Apply the new macro to immediate_exit, since userspace can make
immediate_exit inconsistent with vcpu->wants_to_run, i.e. accessing
immediate_exit directly could lead to unexpected bugs in the future.

Signed-off-by: David Matlack <dmatlack@google.com>
Link: https://lore.kernel.org/r/20240503181734.1467938-3-dmatlack@google.com
[sean: massage changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>

include/uapi/linux/kvm.h		diff \| blob \| blame \| history
virt/kvm/kvm_main.c		diff \| blob \| blame \| history