Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)"

BugLink: https://bugs.launchpad.net/bugs/1858489 This reverts commit fa1742ad in favor of the upstream stable version. Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)"
BugLink: https://bugs.launchpad.net/bugs/1858489 This reverts commit fa1742ad in favor of the upstream stable version. Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
65cf5cb1 · Connor Kuehl · Kleber Sacilotto de Souza · bbe0674e · 65cf5cb1
Commit 65cf5cb1 authored Jan 06, 2020 by Connor Kuehl Committed by Kleber Sacilotto de Souza Jan 07, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 4 deletions

arch/x86/kvm/cpuid.c arch/x86/kvm/cpuid.c +1 -4

No files found.
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -375,7 +375,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,

 	r = -E2BIG;

-	if (WARN_ON(*nent >= maxnent))
+	if (*nent >= maxnent)
 		goto out;

 	do_cpuid_1_ent(entry, function, index);
@@ -670,9 +670,6 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
 static int do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 func,
 			u32 idx, int *nent, int maxnent, unsigned int type)
 {
-	if (*nent >= maxnent)
-		return -E2BIG;
-
 	if (type == KVM_GET_EMULATED_CPUID)
 		return __do_cpuid_ent_emulated(entry, func, idx, nent, maxnent);