Message-ID: <88fa28cd-6d81-6f88-871c-484973b98292@redhat.com>
Date:   Fri, 25 Nov 2016 16:11:29 +0100
From:   David Hildenbrand <david@...hat.com>
To:     Radim Krčmář <rkrcmar@...hat.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc:     Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH] KVM: x86: restrict maximal physical address

On 25.11.2016 at 15:51, Radim Krčmář wrote:
> The guest could have configured a maximal physical address that exceeds
> the host.  Prevent that situation as it could easily lead to a bug.
>
> Signed-off-by: Radim Krčmář <rkrcmar@...hat.com>
> ---
>  arch/x86/kvm/cpuid.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 25f0f15fab1a..aed910e9fbed 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -136,7 +136,13 @@ int kvm_update_cpuid(struct kvm_vcpu *vcpu)
>  		((best->eax & 0xff00) >> 8) != 0)
>  		return -EINVAL;
>
> -	/* Update physical-address width */
> +
> +	/*
> +	 * Update physical-address width.
> +	 * Make sure that it does not exceed hardware capabilities.
> +	 */
> +	if (cpuid_query_maxphyaddr(vcpu) > boot_cpu_data.x86_phys_bits)

The name maxphyaddr is really misleading. But that is a different story. 
This check is correct.

However, I wonder if there is any way for user space to query this 
property? On s390x, there is a kvm capability to export this information 
to user space. So QEMU can fail (e.g. migration) with a nice error 
message about missing hardware support.

(most probably we still want to block this case, as migration will seem 
to work but then simply fail due to missing hardware support I guess). 
Maybe there is also already a nice check in QEMU that I am not yet aware 
of :)

> +		return -EINVAL;
>  	vcpu->arch.maxphyaddr = cpuid_query_maxphyaddr(vcpu);
>
>  	kvm_pmu_refresh(vcpu);
>
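Review bot: cpuid_query_maxphyaddr(vcpu) is evaluated twice in this hunk, once in the new comparison against boot_cpu_data.x86_phys_bits and again in the assignment to vcpu->arch.maxphyaddr. Reading it once into a local and using that local for both the check and the store would make it explicit that the value stored is the value that was validated. The new return also uses -EINVAL, the same code as the return just above the hunk, so a caller cannot tell a too-wide physical address from that earlier failure; the comment should at least say that this case is rejected with -EINVAL so it can be documented for user space. The added empty '+' line ahead of the comment leaves two consecutive blank lines and can be dropped.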


-- 

David
