| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2015 16:43:18 -0400
From: Boris Ostrovsky <boris.ostrovsky@...cle.com>
To: Xiao Guangrong <guangrong.xiao@...ux.intel.com>,
pbonzini@...hat.com
CC: gleb@...nel.org, mtosatti@...hat.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] KVM: MMU: fix SMAP virtualization
On 05/11/2015 10:55 AM, Xiao Guangrong wrote:
> KVM may turn a user page to a kernel page when kernel writes a readonly
> user page if CR0.WP = 1. This shadow page entry will be reused after
> SMAP is enabled so that kernel is allowed to access this user page
>
> Fix it by setting SMAP && !CR0.WP into shadow page's role and reset mmu
> once CR4.SMAP is updated
>
> Signed-off-by: Xiao Guangrong <guangrong.xiao@...ux.intel.com>
> ---
>
> @@ -4208,12 +4211,18 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
> const u8 *new, int bytes)
> {
> gfn_t gfn = gpa >> PAGE_SHIFT;
> - union kvm_mmu_page_role mask = { .word = 0 };
> struct kvm_mmu_page *sp;
> LIST_HEAD(invalid_list);
> u64 entry, gentry, *spte;
> int npte;
> bool remote_flush, local_flush, zap_page;
> + union kvm_mmu_page_role mask = (union kvm_mmu_page_role) {
> + .cr0_wp = 1,
> + .cr4_pae = 1,
> + .nxe = 1,
> + .smep_andnot_wp = 1,
> + .smap_andnot_wp = 1,
> + };
>
>
This breaks older compilers that can't initialize anon structures.
-boris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists