| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 May 2017 17:13:02 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Roman Penyaev <roman.penyaev@...fitbricks.com>,
Mikhail Sennikovskii <mikhail.sennikovskii@...fitbricks.com>,
Gleb Natapov <gleb@...nel.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...capital.net>
Subject: Re: [RFC] KVM: SVM: do not drop VMCB CPL to 0 if SS is not present
On 19/05/2017 18:14, Roman Penyaev wrote:
>
> 1. Simple one, KVM SVM side, which makes sure that CPL is not updated
> if segment is unusable:
>
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -1549,7 +1549,7 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
> * forces SS.DPL to 3 on sysret, so we ignore that case; fixing it
> * would entail passing the CPL to userspace and back.
> */
> - if (seg == VCPU_SREG_SS)
> + if (seg == VCPU_SREG_SS && !var->unusable)
> svm->vmcb->save.cpl = (s->attrib >>
> SVM_SELECTOR_DPL_SHIFT) & 3;
Based on the discussion between you and Andy, my understanding is that
it would not be enough to ensure that the attributes are preserved
across a roundtrip through KVM_GET_SEGMENT and KVM_SET_SEGMENT. We need
a workaround in the hypervisor if we don't want to pass the CPL to
userspace and back.
Maybe if 1) in 64-bit mode 2) SS.P=0 3) SS selector != 0, then the CPL
can be taken from SS.RPL?
Thanks,
Paolo
Powered by blists - more mailing lists