| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Aug 2018 10:44:36 +0200
From: David Hildenbrand <david@...hat.com>
To: pmorel@...ux.ibm.com
Cc: linux-kernel@...r.kernel.org, cohuck@...hat.com,
linux-s390@...r.kernel.org, kvm@...r.kernel.org,
frankja@...ux.ibm.com, akrowiak@...ux.ibm.com,
borntraeger@...ibm.com, schwidefsky@...ibm.com,
heiko.carstens@...ibm.com
Subject: Re: [PATCH] KVM: s390: vsie: Consolidate CRYCB validation
On 22.08.2018 10:41, Pierre Morel wrote:
> On 22/08/2018 10:25, David Hildenbrand wrote:
>> On 22.08.2018 10:08, Pierre Morel wrote:
>>> Currently when shadowing the CRYCB on SIE entrance, the validation
>>> tests the following:
>>> - accept only FORMAT1 or FORMAT2
>>> - test if MSAext facility (76) is installed
>>> - accept the CRYCB if no keys are used
>>> - verifies that the CRYCB format1 is inside a page
>>> - verifies that the CRYCB origin is not 0
>>>
>>> This is not following the architecture.
>> I have to trust you on that :)
>>
>>> On SIE entrance, the CRYCB must be validated before accepting
>>> any of its entries.
>>>
>>> Let's do the validation in the right order and also verify
>>> correctly the FORMAT2 CRYCB.
>> With which facility was FORMAT2 introduced?
> With APXA.
> KVM initialization setup CRYCB format according to the presence
> of APXA for FORMAT2 or FORMAT1
As our guest does not see APXA, why should it be allowed to make use of
FORMAT2 here already?
In my opinion, the size check you are adding is in the current state not
correct.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists