diff mbox series

[01/11] KVM: selftests: Fix out-of-bounds reads in CPUID test's array lookups

Message ID 20241003234337.273364-2-seanjc@google.com (mailing list archive)
State New, archived
Headers show
Series KVM: selftests: AVX support + fixes | expand

Commit Message

Sean Christopherson Oct. 3, 2024, 11:43 p.m. UTC
When looking for a "mangled", i.e. dynamic, CPUID entry, terminate the
walk based on the number of array _entries_, not the size in bytes of
the array.  Iterating based on the total size of the array can result in
false passes, e.g. if the random data beyond the array happens to match
a CPUID entry's function and index.

Fixes: fb18d053b7f8 ("selftest: kvm: x86: test KVM_GET_CPUID2 and guest visible CPUIDs against KVM_GET_SUPPORTED_CPUID")
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 tools/testing/selftests/kvm/x86_64/cpuid_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Vitaly Kuznetsov Oct. 4, 2024, 8:22 a.m. UTC | #1
Sean Christopherson <seanjc@google.com> writes:

> When looking for a "mangled", i.e. dynamic, CPUID entry, terminate the
> walk based on the number of array _entries_, not the size in bytes of
> the array.  Iterating based on the total size of the array can result in
> false passes, e.g. if the random data beyond the array happens to match
> a CPUID entry's function and index.
>
> Fixes: fb18d053b7f8 ("selftest: kvm: x86: test KVM_GET_CPUID2 and guest visible CPUIDs against KVM_GET_SUPPORTED_CPUID")
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  tools/testing/selftests/kvm/x86_64/cpuid_test.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/kvm/x86_64/cpuid_test.c b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> index 8c579ce714e9..fec03b11b059 100644
> --- a/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> +++ b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
> @@ -60,7 +60,7 @@ static bool is_cpuid_mangled(const struct kvm_cpuid_entry2 *entrie)
>  {
>  	int i;
>  
> -	for (i = 0; i < sizeof(mangled_cpuids); i++) {
> +	for (i = 0; i < ARRAY_SIZE(mangled_cpuids); i++) {
>  		if (mangled_cpuids[i].function == entrie->function &&
>  		    mangled_cpuids[i].index == entrie->index)
>  			return true;

Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
diff mbox series

Patch

diff --git a/tools/testing/selftests/kvm/x86_64/cpuid_test.c b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
index 8c579ce714e9..fec03b11b059 100644
--- a/tools/testing/selftests/kvm/x86_64/cpuid_test.c
+++ b/tools/testing/selftests/kvm/x86_64/cpuid_test.c
@@ -60,7 +60,7 @@  static bool is_cpuid_mangled(const struct kvm_cpuid_entry2 *entrie)
 {
 	int i;
 
-	for (i = 0; i < sizeof(mangled_cpuids); i++) {
+	for (i = 0; i < ARRAY_SIZE(mangled_cpuids); i++) {
 		if (mangled_cpuids[i].function == entrie->function &&
 		    mangled_cpuids[i].index == entrie->index)
 			return true;