| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Dec 2017 10:01:14 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: rhett <rhett.kernel@...il.com>, rkrcmar@...hat.com,
tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM:Hyper-V reduce one kvm_write_guest operation
On 20/12/2017 08:46, rhett wrote:
> in function kvm_hv_setup_tsc_page , the old code write the full tsc_ref
> struct firstly, and write a
> tsc_sequence field later, it can be wirten once.
No, it cannot and this comment says exactly why:
> - /* Ensure sequence is zero before writing the rest of the struct. */
> - smp_wmb();
> - if (kvm_write_guest(kvm, gfn_to_gpa(gfn), &hv->tsc_ref,
> sizeof(hv->tsc_ref)))
> - goto out_unlock;
> -
> /*
> * Now switch to the TSC page mechanism by writing the sequence.
> */
The sequence is: disable TSC page, write TSC parameters, enable TSC
page. If the guest can read a partially-written TSC page, it can return
a wrong time.
Paolo
> @@ -922,7 +917,7 @@ void kvm_hv_setup_tsc_page(struct kvm *kvm,
>
> hv->tsc_ref.tsc_sequence = tsc_seq;
> kvm_write_guest(kvm, gfn_to_gpa(gfn),
> - &hv->tsc_ref, sizeof(hv->tsc_ref.tsc_sequence));
> + &hv->tsc_ref, sizeof(hv->tsc_ref));
> out_unlock:
> mutex_unlock(&kvm->arch.hyperv.hv_lock);
> }
> --
> 1.8.3.1
>
Powered by blists - more mailing lists