Message-ID: <20170530125420.GA19724@potion>
Date:   Tue, 30 May 2017 14:54:21 +0200
From:   Radim Krčmář <rkrcmar@...hat.com>
To:     Gioh Kim <gi-oh.kim@...fitbricks.com>
Cc:     andre.przywara@....com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC] KVM: SVM: ignore type when setting segment registers

2017-05-29 15:24+0200, Gioh Kim:
> Current code sets unusable as 1 if present is 1 and type is 0.
> In Long mode, type value in segment descriptor is ignored.
> So I think type should be ignored when setting the segment registers,
> if type means the descriptor type in the segment descriptor.
> 
> Is the type field of struct kvm_segment the descriptor type?

Yes.

> If so, why type is checked when setting segment registers?

No idea.  19bca6ab75d8 ("KVM: SVM: Fix cross vendor migration issue with
unusable bit") also moved the assignment up to initialize it before use
and I think that is enough.

> If the type field is not the descriptor type,
> is it ok to set unusable when present is 1?

Looks like a bug.  type = 0 can be a usable read-only data segment.

> I'm copying a code as following to show what code I'm asking.

Please send it as a patch,

thanks.

> ----------------------------- 8< ---------------------------------
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index 5f48f62..0133f6f 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -1803,7 +1803,7 @@ static void svm_get_segment(struct kvm_vcpu *vcpu,
>  	 * AMD's VMCB does not have an explicit unusable field, so emulate it
>  	 * for cross vendor migration purposes by "not present"
>  	 */
> -	var->unusable = !var->present || (var->type == 0);
> +	var->unusable = !var->present;
>  
>  	switch (seg) {
>  	case VCPU_SREG_TR:
> -- 
> 2.5.0
> 
