| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Aug 2017 18:40:17 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Jim Mattson <jmattson@...gle.com>,
Yu Zhang <yu.c.zhang@...ux.intel.com>
Cc: kvm list <kvm@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>, xiaoguangrong@...cent.com,
Joerg Roedel <joro@...tes.org>
Subject: Re: [PATCH v1 1/4] KVM: MMU: check guest CR3 reserved bits based on
its physical address width.
On 14/08/2017 18:13, Jim Mattson wrote:
>> ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
>> - if (efer & EFER_LMA)
>> - rsvd = CR3_L_MODE_RESERVED_BITS & ~CR3_PCID_INVD;
>> + if (efer & EFER_LMA) {
>> + u64 maxphyaddr;
>> + u32 eax = 0x80000008;
>> +
>> + ctxt->ops->get_cpuid(ctxt, &eax, NULL, NULL, NULL);
>> + maxphyaddr = eax * 0xff;
>
> What if leaf 0x80000008 is not defined?
I noticed this too, but I thought it was mitigated by being under
EFER_LMA. Unfortunately, kvm_set_efer doesn't check
guest_cpuid_has_longmode, so I guess you do have to test leaf 0x80000000
first. Alternatively:
1) kvm_cpuid could return false if it's falling back to
check_cpuid_limit, and emulator_get_cpuid can then be changed to return bool
2) kvm_cpuid and emulator_get_cpuid could gain a new argument to disable
the check_cpuid_limit fallback.
Yu, would you like to implement the latter?
Paolo
Powered by blists - more mailing lists