Message-ID: <4C7FC91A.5030305@redhat.com>
Date:	Thu, 02 Sep 2010 18:56:10 +0300
From:	Avi Kivity <avi@...hat.com>
To:	Joerg Roedel <joerg.roedel@....com>
CC:	Marcelo Tosatti <mtosatti@...hat.com>, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] KVM: MMU: Fix 32 bit legacy paging with NPT

  On 09/02/2010 06:29 PM, Joerg Roedel wrote:
> This patch fixes 32 bit legacy paging with NPT enabled. The
> mmu_check_root call on the top-level of the loop causes
> root_gfn to take values (in the tdp_enabled path) which are
> outside of guest memory. So the mmu_check_root call fails at
> some point in the loop iteration causing the guest to
> triple-fault.
> This patch changes the mmu_check_root calls to the places
> where they are really necessary. As a side-effect it
> introduces a check for the root of a pae page table too.
>
>
> @@ -2387,6 +2387,10 @@ static int mmu_alloc_roots(struct kvm_vcpu *vcpu)
>   		return 0;
>   	}
>   	direct = !is_paging(vcpu);
> +
> +	if (mmu_check_root(vcpu, root_gfn))
> +		return 1;
> +
>   	for (i = 0; i<  4; ++i) {
>   		hpa_t root = vcpu->arch.mmu.pae_root[i];
>
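Review bot: the new `mmu_check_root(vcpu, root_gfn)` call ahead of the `for` loop runs unconditionally, directly after `direct = !is_paging(vcpu);`, so root_gfn is validated even for a guest that is not paging, and tdp_enabled is not consulted. The hunk does not show where root_gfn was assigned, so a one-line comment stating which root is checked here (the commit message says the pae page table root) would help. If the check is not meant for the direct case, guard it, for example `if (!direct && mmu_check_root(vcpu, root_gfn))`.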
> @@ -2398,10 +2402,10 @@ static int mmu_alloc_roots(struct kvm_vcpu *vcpu)
>   				continue;
>   			}
>   			root_gfn = pdptr>>  PAGE_SHIFT;
> +			if (mmu_check_root(vcpu, root_gfn))
> +				return 1;
>   		} else if (vcpu->arch.mmu.root_level == 0)
>   			root_gfn = 0;
> -		if (mmu_check_root(vcpu, root_gfn))
> -			return 1;
>   		if (tdp_enabled) {
>   			direct = 1;
>   			root_gfn = i<<  30;
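Review bot: root_gfn carries two unrelated meanings in this loop body: the guest frame from `pdptr >> PAGE_SHIFT` that the moved check validates, and the `i << 30` value assigned under `if (tdp_enabled)`. A separate local for the tdp_enabled value would keep the checked gfn distinct from the direct-map value and make it plain that the latter is never passed to mmu_check_root. With the check moved into the pdptr branch, the `root_level == 0` branch (`root_gfn = 0`) is also no longer checked inside the loop; a short comment saying this is intentional would help.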

The overloading of root_gfn is pretty bad.  Also, we don't really need 
to check root_gfn for the direct case (the guest can easily switch cr3 
later to one that would fail the check).

However, I'll apply the patch since it fixes the direct problem.  More 
involved fixes can come later (esp. after the nnpt patches land).


-- 
error compiling committee.c: too many arguments to function
