Date:   Wed, 20 Dec 2017 10:01:14 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     rhett <rhett.kernel@...il.com>, rkrcmar@...hat.com,
        tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM:Hyper-V reduce one kvm_write_guest operation

On 20/12/2017 08:46, rhett wrote:
> in function kvm_hv_setup_tsc_page, the old code writes the full tsc_ref
> struct first, and writes the
> tsc_sequence field later; it can be written once.

No, it cannot and this comment says exactly why:

> -       /* Ensure sequence is zero before writing the rest of the struct.  */
> -       smp_wmb();
> -       if (kvm_write_guest(kvm, gfn_to_gpa(gfn), &hv->tsc_ref,
> sizeof(hv->tsc_ref)))
> -               goto out_unlock;
> -
>         /*
>          * Now switch to the TSC page mechanism by writing the sequence.
>          */
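
Review bot: the lines removed here are what write the rest of hv->tsc_ref while the sequence is still zero, as the deleted comment above smp_wmb() states, so dropping them leaves no step where the parameters are in place before the sequence is set. Keep the barrier and this kvm_write_guest() call, including the error check that jumps to out_unlock.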

The sequence is: disable TSC page, write TSC parameters, enable TSC
page.  If the guest can read a partially-written TSC page, it can return
a wrong time.

Paolo

> @@ -922,7 +917,7 @@ void kvm_hv_setup_tsc_page(struct kvm *kvm,
>  
>         hv->tsc_ref.tsc_sequence = tsc_seq;
>         kvm_write_guest(kvm, gfn_to_gpa(gfn),
> -                       &hv->tsc_ref, sizeof(hv->tsc_ref.tsc_sequence));
> +                       &hv->tsc_ref, sizeof(hv->tsc_ref));
>  out_unlock:
>         mutex_unlock(&kvm->arch.hyperv.hv_lock);
>  }
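
Review bot: in the kvm_write_guest() call, widening the length from sizeof(hv->tsc_ref.tsc_sequence) to sizeof(hv->tsc_ref) means the step the earlier comment describes as "switch to the TSC page mechanism by writing the sequence" now carries every other field too, so the final write no longer publishes only the sequence. The return value is also ignored here, whereas the call removed in the previous hunk checked it and went to out_unlock, so a failed full-struct write would go unnoticed. Suggest leaving the length as sizeof(hv->tsc_ref.tsc_sequence).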
> -- 
> 1.8.3.1
> 
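
The ordering Paolo describes (disable, write parameters, enable), as an added example that is not part of the original thread or of the KVM source: a single-threaded C model that stops the host's update after each store and lets the guest read the page. The struct layout, the scaling formula, the sample values and the function names are assumptions, and the field-order copy stands in for a whole-struct write that is not atomic from the guest's point of view.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of the page; field names follow the hunk's hv->tsc_ref. */
struct tsc_ref { uint32_t tsc_sequence; uint64_t tsc_scale; int64_t tsc_offset; };

/* Guest side: sequence 0 means the page is disabled, so fall back to another clock. */
static bool guest_read(const volatile struct tsc_ref *p, uint64_t tsc, uint64_t *out)
{
    uint32_t seq; uint64_t scale; int64_t off;
    do {
        seq = p->tsc_sequence;
        if (seq == 0) return false;
        scale = p->tsc_scale;
        off = p->tsc_offset;
    } while (seq != p->tsc_sequence);   /* retry if the host updated meanwhile */
    *out = ((tsc * scale) >> 32) + (uint64_t)off;   /* simplified scaling, example only */
    return true;
}

/* Host side: do only the first n stores so the page can be observed mid-update.
 * Real code needs write barriers between the steps; this model is single-threaded. */
static void host_update(struct tsc_ref *p, const struct tsc_ref *v, bool guarded, int n)
{
    if (guarded && n-- > 0) p->tsc_sequence = 0;                /* 1. disable page */
    if (!guarded && n-- > 0) p->tsc_sequence = v->tsc_sequence; /* whole struct, field order */
    if (n-- > 0) p->tsc_scale = v->tsc_scale;                   /* 2. write parameters */
    if (n-- > 0) p->tsc_offset = v->tsc_offset;
    if (guarded && n-- > 0) p->tsc_sequence = v->tsc_sequence;  /* 3. enable page */
}

/* Count mid-update states where the guest computes time from mixed old/new parameters. */
static int torn_reads(bool guarded)
{
    const struct tsc_ref old = { 1, 1ull << 32, 100 }, upd = { 2, 2ull << 32, 500 };
    int torn = 0;
    for (int n = 0; n <= 4; n++) {
        struct tsc_ref page = old;
        uint64_t t;
        host_update(&page, &upd, guarded, n);
        if (guest_read(&page, 1000, &t) && t != 1100 && t != 2500)
            torn++;             /* 1100 = all-old result, 2500 = all-new result */
    }
    return torn;
}

int main(void) { return torn_reads(true) != 0 || torn_reads(false) != 1; }
```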
