lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170529202943.k3kx7z2c2hbyd7ye@lostoracle.net>
Date:   Mon, 29 May 2017 13:29:43 -0700
From:   Nick Desaulniers <nick.desaulniers@...il.com>
To:     kbuild test robot <lkp@...el.com>
Cc:     kbuild-all@...org, Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] KVM: x86: avoid large stack allocations in em_fxrstor

On Tue, May 30, 2017 at 04:14:50AM +0800, kbuild test robot wrote:
>    arch/x86/kvm/emulate.c: In function 'em_fxrstor':
> >> arch/x86/kvm/emulate.c:4015:5: warning: 'size' may be used uninitialized in this function [-Wmaybe-uninitialized]
>      rc = segmented_read_std(ctxt, ctxt->memop.addr.mem, &fx_state, size);
>      ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I definitely thought about this before submitting.  size is initialized
in the case ctxt->mode < X86EMUL_MODE_PROT64, and
ctxt->mode == X86EMUL_MODE_PROT64, but uninitialized in the case
ctxt->mode > X86EMUL_MODE_PROT64.

Paulo mentions this is impossible in:

https://lkml.org/lkml/2017/5/26/62

>>> ctxt->mode is never > X86EMUL_MODE_PROT64
>>> (see the definition of enum x86emul_mode in
>>> arch/x86/include/asm/kvm_emulate.h.)

>From arch/x86/include/asm/kvm_emulate.h:

272 enum x86emul_mode {
273   X86EMUL_MODE_REAL,  /* Real mode.             */
274   X86EMUL_MODE_VM86,  /* Virtual 8086 mode.     */
275   X86EMUL_MODE_PROT16,  /* 16-bit protected mode. */
276   X86EMUL_MODE_PROT32,  /* 32-bit protected mode. */
277   X86EMUL_MODE_PROT64,  /* 64-bit (long) mode.    */
278 };

I would still rather err on the side of safety, and initialize the
variable. So I will submit a v3 initializing size to 0, and check that
size was set to a reasonable value at some point before invoke
segmented_read_std.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ