| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191106174652.GE16249@linux.intel.com>
Date: Wed, 6 Nov 2019 09:46:52 -0800
From: Sean Christopherson <sean.j.christopherson@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Radim Krčmář <rkrcmar@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Adam Borowski <kilobyte@...band.pl>,
David Hildenbrand <david@...hat.com>,
Dan Williams <dan.j.williams@...el.com>
Subject: Re: [PATCH 1/2] KVM: MMU: Do not treat ZONE_DEVICE pages as being
reserved
On Wed, Nov 06, 2019 at 06:14:40PM +0100, Paolo Bonzini wrote:
> On 06/11/19 18:07, Sean Christopherson wrote:
> > void kvm_get_pfn(kvm_pfn_t pfn)
> > {
> > - if (!kvm_is_reserved_pfn(pfn))
> > + if (!kvm_is_reserved_pfn(pfn) && !WARN_ON(kvm_is_zone_device_pfn(pfn)))
> > get_page(pfn_to_page(pfn));
> > }
> > EXPORT_SYMBOL_GPL(kvm_get_pfn);
>
> Can you call remap_pfn_range with a source address that is ZONE_DEVICE?
> If so, you would get a WARN from the kvm_get_pfn call in
> hva_to_pfn_remapped.
I don't know, at a quick glance I'm guessing it's possible via /dev/mem?
But, get_page() isn't sufficient to properly grab a ZONE_DEVICE page, so
the WARN is a good thing and intentional.
So assuming the answer is "yes", perhaps hva_to_pfn_remapped() should
adds its own check on kvm_is_zone_device_pfn() and return -EINVAL or
something? That'd likely end up kill the guest, but wouldn't break the
kernel.
Powered by blists - more mailing lists