Date:   Wed,  6 Mar 2019 10:50:46 -0500
From:   Nitesh Narayan Lal <nitesh@...hat.com>
To:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, pbonzini@...hat.com, lcapitulino@...hat.com,
        pagupta@...hat.com, wei.w.wang@...el.com, yang.zhang.wz@...il.com,
        riel@...riel.com, david@...hat.com, mst@...hat.com,
        dodgen@...gle.com, konrad.wilk@...cle.com, dhildenb@...hat.com,
        aarcange@...hat.com, alexander.duyck@...il.com
Subject: [RFC][Patch v9 4/6] KVM: Reporting page poisoning value to the host

This patch enables the kernel to report the page poisoning value
to the host by using the VIRTIO_BALLOON_F_PAGE_POISON feature.
Page Poisoning is a feature in which the page is filled with a specific
pattern (0x00 or 0xaa) after freeing, and the same is verified
before allocation to prevent the following issues:
    * information leak from the freed data
    * use-after-free bugs
    * memory corruption
The issue arises when the pattern used for Page Poisoning is 0xaa while
the newly allocated page received from the host by the guest is
filled with the pattern 0x00. This will result in memory corruption errors.

Signed-off-by: Nitesh Narayan Lal <nitesh@...hat.com>
---
 drivers/virtio/virtio_balloon.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index cfe7574b5204..e82c72cd916b 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -970,6 +970,11 @@ static int virtballoon_probe(struct virtio_device *vdev)
 	}
 
 #ifdef CONFIG_KVM_FREE_PAGE_HINTING
+	if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON)) {
+		memset(&poison_val, PAGE_POISON, sizeof(poison_val));
+		virtio_cwrite(vb->vdev, struct virtio_balloon_config,
+			      poison_val, &poison_val);
+	}
 	if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_HINTING))
 		enable_hinting(vb);
 #endif
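
Review bot: The new block in virtballoon_probe() writes PAGE_POISON to the config space as soon as VIRTIO_BALLOON_F_PAGE_POISON is negotiated, and nothing in the hunk checks that page poisoning is actually active in the guest or that VIRTIO_BALLOON_F_HINTING was negotiated. If the host acts on poison_val while the guest is not poisoning, the two sides disagree about page contents again, which is the problem the commit message sets out to fix. Please either add the check here or add a comment saying where the feature bit is cleared when poisoning is off, and nest the write under the F_HINTING test if it only matters for hinting. Two smaller points: the condition tests vdev while the write and the following line use vb->vdev, so pick one form; and poison_val is not declared in the visible lines, so confirm the declaration is present for every configuration that defines CONFIG_KVM_FREE_PAGE_HINTING.
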
-- 
2.17.2
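
The mismatch described in the commit message, as an added user-space example that is not part of the patch or of the kernel sources. The helper names, the 4096-byte page size and the host model (a reclaimed page comes back filled with a single byte) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096
#define PAGE_POISON 0xaa        /* pattern named in the commit message */

/* Same construction as the patch: every byte of the word is the pattern. */
static uint32_t reported_poison_val(void)
{
    uint32_t poison_val;
    memset(&poison_val, PAGE_POISON, sizeof(poison_val));
    return poison_val;
}

/* Guest, on free: fill the page with the poison pattern. */
static void poison_page(uint8_t *page)
{
    memset(page, PAGE_POISON, PAGE_SIZE);
}

/* Guest, before allocation: offset of the first bad byte, or -1 if intact. */
static long check_poison(const uint8_t *page)
{
    for (size_t i = 0; i < PAGE_SIZE; i++)
        if (page[i] != PAGE_POISON)
            return (long)i;
    return -1;
}

/* Assumed host model: the hinted page is dropped and later handed back
 * filled with host_fill (0x00 when the host knows nothing of the pattern). */
static long free_hint_realloc(uint8_t host_fill)
{
    static uint8_t page[PAGE_SIZE];

    memset(page, 0x5a, PAGE_SIZE);      /* constructed "in use" contents */
    poison_page(page);                  /* guest frees the page */
    memset(page, host_fill, PAGE_SIZE); /* host reclaims and returns it */
    return check_poison(page);          /* guest verifies on allocation */
}

int main(void)
{
    printf("poison_val reported to host: 0x%08x\n", (unsigned)reported_poison_val());
    printf("host returns zeroed page:    first bad offset %ld\n", free_hint_realloc(0x00));
    printf("host fill matches pattern:   first bad offset %ld\n", free_hint_realloc(PAGE_POISON));
    return 0;
}
```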
