On 7/22/19 12:12 PM, Cfir Cohen wrote:
> In addition, it seems that svm_page_enc_status_hc() accepts 'gpa',
> 'npages', 'enc' directly from the guest, and so these can take
> arbitrary values. A very large 'npages' could lead to an int overflow
> in 'gfn_end = gfn_start + npages', making gfn_end
On 7/21/19 3:57 PM, David Rientjes wrote:
> On Wed, 10 Jul 2019, Singh, Brijesh wrote:
>
>> diff --git a/Documentation/virtual/kvm/hypercalls.txt
>> b/Documentation/virtual/kvm/hypercalls.txt
>> index da24c138c8d1..94f0611f4d88 100644
>> --- a/Documentation/virtual/kvm/hypercalls.txt
>> +++
In addition, it seems that svm_page_enc_status_hc() accepts 'gpa',
'npages', 'enc' directly from the guest, and so these can take
arbitrary values. A very large 'npages' could lead to an int overflow
in 'gfn_end = gfn_start + npages', making gfn_end < gfn_start. This
could an OOB access in the
On Wed, 10 Jul 2019, Singh, Brijesh wrote:
> diff --git a/Documentation/virtual/kvm/hypercalls.txt
> b/Documentation/virtual/kvm/hypercalls.txt
> index da24c138c8d1..94f0611f4d88 100644
> --- a/Documentation/virtual/kvm/hypercalls.txt
> +++ b/Documentation/virtual/kvm/hypercalls.txt
> @@ -141,3
This hypercall is used by the SEV guest to notify a change in the page
encryption status to the hypervisor. The hypercall should be invoked
only when the encryption attribute is changed from encrypted -> decrypted
and vice versa. By default all guest pages are considered encrypted.
Cc: Thomas
5 matches
Mail list logo