Date:   Mon,  4 May 2020 18:23:46 -0700
From:   Sean Christopherson <>
        Greg Kroah-Hartman <>,
        Ben Hutchings <>,
        Sasha Levin <>
Cc:     Paolo Bonzini <>,
        Tobias Urdin <>
Subject: [PATCH 4.19 STABLE 0/2] KVM: VMX: Fix null pointer dereference

A simple fix for a null pointer dereference in vmx_vcpu_run() with an
ugly-but-safe prereq patch.

The fix also has a wart/hack where it marks RSP as clobbered using
ASM_CALL_CONSTRAINT to work around an issue where the VM-Exit label isn't
found by _something_ during modpost.  I vaguely recall seeing the same
issue when I first worked on this code a few years back.  I think it was
objtool that was confused, but I can't remember the details for the life
of me.  I don't have more cycles to throw at deciphering the thing, and
marking RSP as clobbered is safe, so I went with the hack.

Alternatively, reverting the offending commit (added in v4.19.119) would
fix the immediate issue, but RDX and RSI technically need to be marked as
clobbered even though it's extremely unlikely the compiler will consume
their bad value.  All of the above ugliness seems preferable to leaving a
known bug in place.

Sean Christopherson (2):
  KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm
  KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm

 arch/x86/kvm/vmx.c | 89 +++++++++++++++++++++++++---------------------
 1 file changed, 49 insertions(+), 40 deletions(-)

