ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

hv_clock is preallocated to have only HVC_BOOT_ARRAY_SIZE (64) elements;
if the PTP_SYS_OFFSET_PRECISE ioctl is executed on vCPUs whose index is
64 of higher, retrieving the struct pvclock_vcpu_time_info pointer with
"src = &hv_clock[cpu].pvti" will result in an out-of-bounds access and
a wild pointer. Change it to "this_cpu_pvti()" which is guaranteed to
be valid.

Fixes: 95a3d4454bb1 ("Switch kvmclock data to a PER_CPU variable")
Signed-off-by: Zelin Deng <zelin.deng@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Message-Id: <1632892429-101194-3-git-send-email-zelin.deng@linux.alibaba.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

authored by

Zelin Deng and committed by

Paolo Bonzini 4 years ago 773e89ab ad9af930

+2 -7

1 changed file

expand all

drivers

ptp

ptp_kvm_x86.c

+2 -7

drivers/ptp/ptp_kvm_x86.c

··· 15 15 #include <linux/ptp_clock_kernel.h> 16 16 #include <linux/ptp_kvm.h> 17 17 18 - struct pvclock_vsyscall_time_info *hv_clock; 19 - 20 18 static phys_addr_t clock_pair_gpa; 21 19 static struct kvm_clock_pairing clock_pair; 22 20 ··· 26 28 return -ENODEV; 27 29 28 30 clock_pair_gpa = slow_virt_to_phys(&clock_pair); 29 - hv_clock = pvclock_get_pvti_cpu0_va(); 30 - if (!hv_clock) 31 + if (!pvclock_get_pvti_cpu0_va()) 31 32 return -ENODEV; 32 33 33 34 ret = kvm_hypercall2(KVM_HC_CLOCK_PAIRING, clock_pair_gpa, ··· 61 64 struct pvclock_vcpu_time_info *src; 62 65 unsigned int version; 63 66 long ret; 64 - int cpu; 65 67 66 - cpu = smp_processor_id(); 67 - src = &hv_clock[cpu].pvti; 68 + src = this_cpu_pvti(); 68 69 69 70 do { 70 71 /*

Configure Feed

Configure Feed