Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

KVM: SEV: Disallow pinning more pages than exist in the system

Explicitly disallow pinning more pages for an SEV VM than exist in the
system to defend against absurd userspace requests without relying on
somewhat arbitrary kernel functionality to prevent truly stupid KVM
behavior. E.g. even with the INT_MAX check, userspace can request that
KVM pin nearly 8TiB of memory, regardless of how much RAM exists in the
system.

Opportunistically rename "locked" to a more descriptive "total_npages".

Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Tested-by: Liam Merwick <liam.merwick@oracle.com>
Link: https://patch.msgid.link/20260313003302.3136111-4-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

+9 -5
arch/x86/kvm/svm/sev.c
··· 680 680 struct kvm_sev_info *sev = to_kvm_sev_info(kvm); 681 681 unsigned long npages, size; 682 682 int npinned; 683 - unsigned long locked, lock_limit; 683 + unsigned long total_npages, lock_limit; 684 684 struct page **pages; 685 685 unsigned long first, last; 686 686 int ret; ··· 701 701 if (npages > INT_MAX) 702 702 return ERR_PTR(-EINVAL); 703 703 704 - locked = sev->pages_locked + npages; 704 + total_npages = sev->pages_locked + npages; 705 + if (total_npages > totalram_pages()) 706 + return ERR_PTR(-EINVAL); 707 + 705 708 lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; 706 - if (locked > lock_limit && !capable(CAP_IPC_LOCK)) { 707 - pr_err("SEV: %lu locked pages exceed the lock limit of %lu.\n", locked, lock_limit); 709 + if (total_npages > lock_limit && !capable(CAP_IPC_LOCK)) { 710 + pr_err("SEV: %lu total pages would exceed the lock limit of %lu.\n", 711 + total_npages, lock_limit); 708 712 return ERR_PTR(-ENOMEM); 709 713 } 710 714 ··· 731 727 } 732 728 733 729 *n = npages; 734 - sev->pages_locked = locked; 730 + sev->pages_locked = total_npages; 735 731 736 732 return pages; 737 733
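Review bot: The new `if (total_npages > totalram_pages())` check in the second hunk fails silently with -EINVAL, while the RLIMIT_MEMLOCK check directly below it logs through pr_err() and returns -ENOMEM, so a caller that hits the new bound has no way to tell it apart from the `npages > INT_MAX` rejection just above. A one-line comment over the check would help. It should say that this is a sanity bound against total RAM rather than available memory, and that it is deliberately placed before the `!capable(CAP_IPC_LOCK)` test so it also applies to privileged callers. It is also worth confirming that -EINVAL rather than -ENOMEM is the errno intended for userspace here. The reworded pr_err() message ("total pages would exceed") reads fine, and the rename to total_npages is carried through consistently to the `sev->pages_locked = total_npages;` assignment in the last hunk.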