lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1515531365-37423-33-git-send-email-keescook@chromium.org>
Date:   Tue,  9 Jan 2018 12:56:01 -0800
From:   Kees Cook <keescook@...omium.org>
To:     linux-kernel@...r.kernel.org
Cc:     Kees Cook <keescook@...omium.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        kernel-hardening@...ts.openwall.com,
        Christian Borntraeger <borntraeger@...hat.com>,
        Christoffer Dall <cdall@...aro.org>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        David Windsor <dave@...lcore.net>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Lutomirski <luto@...nel.org>,
        Christoph Hellwig <hch@...radead.org>,
        Christoph Lameter <cl@...ux.com>,
        "David S. Miller" <davem@...emloft.net>,
        Laura Abbott <labbott@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Christoffer Dall <christoffer.dall@...aro.org>,
        Dave Kleikamp <dave.kleikamp@...cle.com>,
        Jan Kara <jack@...e.cz>,
        Luis de Bethencourt <luisbg@...nel.org>,
        Marc Zyngier <marc.zyngier@....com>,
        Rik van Riel <riel@...hat.com>,
        Matthew Garrett <mjg59@...gle.com>,
        linux-fsdevel@...r.kernel.org, linux-arch@...r.kernel.org,
        netdev@...r.kernel.org, linux-mm@...ck.org
Subject: [PATCH 32/36] kvm: whitelist struct kvm_vcpu_arch

From: Paolo Bonzini <pbonzini@...hat.com>

On x86, ARM and s390, struct kvm_vcpu_arch has a usercopy region
that is read and written by the KVM_GET/SET_CPUID2 ioctls (x86)
or KVM_GET/SET_ONE_REG (ARM/s390).  Without whitelisting the area,
KVM is completely broken on those architectures with usercopy hardening
enabled.

For now, allow writing to the entire struct on all architectures.
The KVM tree will not refine this to an architecture-specific
subset of struct kvm_vcpu_arch.

Cc: kernel-hardening@...ts.openwall.com
Cc: Kees Cook <keescook@...omium.org>
Cc: Christian Borntraeger <borntraeger@...hat.com>
Cc: Christoffer Dall <cdall@...aro.org>
Cc: Radim Krčmář <rkrcmar@...hat.com>
Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
Acked-by: Christoffer Dall <christoffer.dall@...aro.org>
Acked-by: Marc Zyngier <marc.zyngier@....com>
Acked-by: Christian Borntraeger <borntraeger@...ibm.com>
Signed-off-by: Kees Cook <keescook@...omium.org>
---
 virt/kvm/kvm_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index c422c10cd1dd..96689967f5c3 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4029,8 +4029,12 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
 	/* A kmem cache lets us meet the alignment requirements of fx_save. */
 	if (!vcpu_align)
 		vcpu_align = __alignof__(struct kvm_vcpu);
-	kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
-					   SLAB_ACCOUNT, NULL);
+	kvm_vcpu_cache =
+		kmem_cache_create_usercopy("kvm_vcpu", vcpu_size, vcpu_align,
+					   SLAB_ACCOUNT,
+					   offsetof(struct kvm_vcpu, arch),
+					   sizeof_field(struct kvm_vcpu, arch),
+					   NULL);
 	if (!kvm_vcpu_cache) {
 		r = -ENOMEM;
 		goto out_free_3;
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ