lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Aug 2017 15:27:51 +0800
From:   Yu Zhang <yu.c.zhang@...ux.intel.com>
To:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, rkrcmar@...hat.com,
        tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        xiaoguangrong@...cent.com, joro@...tes.org
Subject: Re: [PATCH v1 4/4] KVM: MMU: Expose the LA57 feature to VM.



On 8/18/2017 8:50 PM, Paolo Bonzini wrote:
> On 18/08/2017 10:28, Yu Zhang wrote:
>>
>> On 8/17/2017 10:29 PM, Paolo Bonzini wrote:
>>> On 17/08/2017 13:53, Yu Zhang wrote:
>>>> On 8/17/2017 7:57 PM, Paolo Bonzini wrote:
>>>>> On 12/08/2017 15:35, Yu Zhang wrote:
>>>>>> index a98b88a..50107ae 100644
>>>>>> --- a/arch/x86/kvm/emulate.c
>>>>>> +++ b/arch/x86/kvm/emulate.c
>>>>>> @@ -694,7 +694,7 @@ static __always_inline int __linearize(struct
>>>>>> x86_emulate_ctxt *ctxt,
>>>>>>         switch (mode) {
>>>>>>         case X86EMUL_MODE_PROT64:
>>>>>>             *linear = la;
>>>>>> -        if (is_noncanonical_address(la))
>>>>>> +        if (emul_is_noncanonical_address(la, ctxt))
>>>>>>                 goto bad;
>>>>>>               *max_size = min_t(u64, ~0u, (1ull << 48) - la);
>>>>> Oops, you missed one here.  Probably best to use ctxt_virt_addr_bits
>>>>> and
>>>>> then "inline" emul_is_noncanonical_address as "get_canonical(la,
>>>>> va_bits) != la".
>>>> Sorry, I just sent out the v2 patch set without noticing this reply. :-)
>>>>
>>>> The emul_is_noncanonical() is defined in x86.h so that no
>>>> ctxt_virt_addr_bits needed in emulate.c, are you
>>>> suggesting to use ctx_virt_addr_bits in this file each time before
>>>> emul_is_noncanonical_address() is called?
>>> No, only in this instance which uses "48" after the call to
>>> emul_is_noncanonical_address.
>> Sorry, Paolo. I still do not quite get it.
>> Do you mean the
>>   *max_size = min_t(u64, ~0u, (1ull << 48) - la);
>> also need to be changed?
>>
>> But I do not understand why this statement is used like this. My
>> understanding is that
>> for 64 bit scenario, the *max_size is calculated to guarantee la +
>> *max_size still falls in
>> the canonical address space.
>>
>> And if above understanding is correct, I think it should be something
>> like below:
>>    *max_size = min_t(u64, ~0u - la, (1ull << 48) - la);
> The "~0u" part is simply because max_size has 32-bit size (it's an
> unsigned int variable), while (1ull << 48) - la has 64-bit size.  It
> protects from the overflow.

Oh, right. "~0u" is only an unsigned int. Thanks for your clarification. :-)

But what if value of "la" falls in between 0xFFFFFFFFFFFFFFFF and 
0xFFFF000000000000?
(1ull << 48) - la may result in something between 0x1000000000001 and 
0x2000000000000,
and the *max_size would be 4G - 1 in this scenario.
For instance, when "la" is 0xFFFFFFFFFFFFFFF0(unlikely in practice 
though), the *max_size
we are expecting should be 15, instead of 4G - 1.

If above understanding is correct, maybe we should change this code as 
below:
@@ -690,16 +690,21 @@ static __always_inline int __linearize(struct 
x86_emulate_ctxt *ctxt,
         ulong la;
         u32 lim;
         u16 sel;
+       u64 canonical_limit;
+       u8 va_bits;

         la = seg_base(ctxt, addr.seg) + addr.ea;
         *max_size = 0;
         switch (mode) {
         case X86EMUL_MODE_PROT64:
                 *linear = la;
-               if (emul_is_noncanonical_address(la, ctxt))
+               va_bits = ctxt_virt_addr_bits(ctxt);
+               if (get_canonical(la, va_bits) != la)
                         goto bad;

-               *max_size = min_t(u64, ~0u, (1ull << 48) - la);
+               canonical_limit = (la & (1 << va_bits)) ?
+                                 ~0ull : ((1 << va_bits) -1);
+               *max_size = min_t(u64, ~0u, canonical_limit - la + 1);

Does this sound reasonable?
BTW, I did not use min_t(u64, ~0ull - la + 1, (1 << va_bits) - la) here, 
because I still would like to
keep *max_size as an unsigned int, and my previous suggestion may cause 
the return value of
min_t be truncated.

Yu

>> And with LA57, may better be changed to:
>>    *max_size = min_t(u64, ~0u - la, (1ull << ctxt_virt_addr_bits(ctxt)) -
>> la);
>>
>> And for the above
>>    if (emul_is_noncanonical_address(la, ctxt))
>> we may just leave it as it is.
> Yes, exactly.  But since emul_is_noncanonical_address is already using
> ctxt_virt_addr_bits(ctxt), it may make sense to compute
> ctxt_virt_addr_bits(ctxt) once and then reuse it twice, once in
> get_canonical(la, va_bits) != la and once in (1ull << va_bits) - la.
>
> Paolo
>
>> Is this understanding correct? Or did I misunderstand your comments? :-)
>>
>> Thanks
>> Yu
>>> Paolo
>>>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ