git.ipfire.org Git - thirdparty/linux.git/commit
KVM: s390: Fix dat_peek_cmma() overflow
author Claudio Imbrenda <imbrenda@linux.ibm.com>
Tue, 23 Jun 2026 15:33:23 +0000 (17:33 +0200)
committer Claudio Imbrenda <imbrenda@linux.ibm.com>
Wed, 24 Jun 2026 08:08:56 +0000 (10:08 +0200)
commit 7a386efcb2bf986e0c9011e92a78aed0870b08cf
tree 233093eb51cb8d00a2b00d99144df42b9793b8d7
parent d4bb00704a66024502261fa7a523c07420249fea
KVM: s390: Fix dat_peek_cmma() overflow

If userspace passes a start address that is out of bounds,
_dat_walk_gfn_range() will fail with -EFAULT, but state.end will not be
touched and will stay 0. This will cause *count to underflow and report
a very high number, and the function will end up erroneously reporting
success.

Fix by only setting *count if the end address is not smaller than the
starting address. This way invalid starting addresses will correctly
return -EFAULT and *count will correctly indicate that no values have
been returned.

Fixes: 7b368470e1a4 ("KVM: s390: KVM page table management functions: CMMA")
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Message-ID: <20260623153331.233784-3-imbrenda@linux.ibm.com>
arch/s390/kvm/dat.c
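
The failure mode the commit message describes, as a user-space C model added here (it is not the kernel's code from arch/s390/kvm/dat.c). `model_walk`, `peek_before`, `peek_after` and `MODEL_GFN_LIMIT` are hypothetical names, and the rule that a non-zero count is reported as success is an assumption made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_GFN_LIMIT 0x1000ULL      /* constructed guest size, in frames */

struct walk_state { uint64_t end; };   /* models the "state.end" field */

/* Stand-in for the range walk: an out-of-bounds start fails before
 * state->end is written, so the caller's initial 0 survives. */
static int model_walk(uint64_t start, uint64_t want, struct walk_state *st)
{
    uint64_t room;

    if (start >= MODEL_GFN_LIMIT)
        return -EFAULT;
    room = MODEL_GFN_LIMIT - start;
    st->end = start + (want < room ? want : room);
    return 0;
}

/* Before: count is derived unconditionally, so 0 - start wraps around. */
static int peek_before(uint64_t start, uint64_t *count)
{
    struct walk_state st = { .end = 0 };
    int rc = model_walk(start, *count, &st);

    *count = st.end - start;           /* unsigned underflow when end == 0 */
    return *count ? 0 : rc;            /* assumed rule: values returned => success */
}

/* After: count is set only when end is not smaller than start. */
static int peek_after(uint64_t start, uint64_t *count)
{
    struct walk_state st = { .end = 0 };
    int rc = model_walk(start, *count, &st);

    *count = 0;
    if (st.end >= start)
        *count = st.end - start;
    return *count ? 0 : rc;            /* the walk's -EFAULT now reaches the caller */
}

int main(void)
{
    uint64_t a = 16, b = 16;
    int ra = peek_before(0x2000, &a), rb = peek_after(0x2000, &b);
    printf("before: rc=%d count=%llu\n", ra, (unsigned long long)a);
    printf("after:  rc=%d count=%llu\n", rb, (unsigned long long)b);
    return 0;
}
```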