Currently userspace can ask for any uint32 size allocation for the SEV_GET_ID2. Limit this allocation size to the max physically contiguously allocation: MAX_ORDER.
Reported-by: Andy Nguyen theflow@google.com Suggested-by: David Rientjes rientjes@google.com Signed-off-by: Peter Gonda pgonda@google.com Cc: stable@vger.kernel.org Cc: Herbert Xu herbert@gondor.apana.org.au Cc: linux-kernel@vger.kernel.org Cc: linux-crypto@vger.kernel.org Cc: John Allen john.allen@amd.com Cc: Thomas.Lendacky thomas.lendacky@amd.com
--- drivers/crypto/ccp/sev-dev.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 06fc7156c04f..5c16c4406764 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -878,6 +878,10 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp) if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) return -EFAULT;
+ /* Max length that can be allocated physically contiguously */ + if (get_order(input.length) >= MAX_ORDER) + return -ENOMEM; + input_address = (void __user *)input.address;
if (input.address && input.length) {