| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200523092351.GE27431@zn.tnic>
Date: Sat, 23 May 2020 11:23:51 +0200
From: Borislav Petkov <bp@...en8.de>
To: Joerg Roedel <joro@...tes.org>
Cc: x86@...nel.org, hpa@...or.com, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Hellstrom <thellstrom@...are.com>,
Jiri Slaby <jslaby@...e.cz>,
Dan Williams <dan.j.williams@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
Juergen Gross <jgross@...e.com>,
Kees Cook <keescook@...omium.org>,
David Rientjes <rientjes@...gle.com>,
Cfir Cohen <cfir@...gle.com>,
Erdem Aktas <erdemaktas@...gle.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Mike Stunes <mstunes@...are.com>,
Joerg Roedel <jroedel@...e.de>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH v3 49/75] x86/sev-es: Handle instruction fetches from
user-space
On Tue, Apr 28, 2020 at 05:16:59PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@...e.de>
>
> When a #VC exception is triggered by user-space the instruction decoder
> needs to read the instruction bytes from user addresses. Enhance
> vc_decode_insn() to safely fetch kernel and user instructions.
>
> Signed-off-by: Joerg Roedel <jroedel@...e.de>
> ---
> arch/x86/kernel/sev-es.c | 31 ++++++++++++++++++++++---------
> 1 file changed, 22 insertions(+), 9 deletions(-)
>
> diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c
> index 85027fb4177e..c2223c2a28c2 100644
> --- a/arch/x86/kernel/sev-es.c
> +++ b/arch/x86/kernel/sev-es.c
> @@ -165,17 +165,30 @@ static enum es_result vc_decode_insn(struct es_em_ctxt *ctxt)
> enum es_result ret;
> int res;
>
> - res = vc_fetch_insn_kernel(ctxt, buffer);
> - if (unlikely(res == -EFAULT)) {
Let's also test for 0 in case the probe_read* guts get changed and start
returning so other errval besides -EFAULT.
> - ctxt->fi.vector = X86_TRAP_PF;
> - ctxt->fi.error_code = 0;
> - ctxt->fi.cr2 = ctxt->regs->ip;
> - return ES_EXCEPTION;
> + if (!user_mode(ctxt->regs)) {
Flip that check so that it reads more naturally:
if (user_mode(..)
insn_fetch_from_user()
...
} else {
vc_fetch_insn_kernel()
}
> + res = vc_fetch_insn_kernel(ctxt, buffer);
> + if (unlikely(res == -EFAULT)) {
> + ctxt->fi.vector = X86_TRAP_PF;
> + ctxt->fi.error_code = 0;
> + ctxt->fi.cr2 = ctxt->regs->ip;
> + return ES_EXCEPTION;
> + }
> +
> + insn_init(&ctxt->insn, buffer, MAX_INSN_SIZE - res, 1);
> + insn_get_length(&ctxt->insn);
> + } else {
> + res = insn_fetch_from_user(ctxt->regs, buffer);
> + if (res == 0) {
if (!res)
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists