| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8ba02f98-045d-a089-cb7e-8d0b613f76e7@redhat.com>
Date: Sun, 30 Aug 2020 11:52:50 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <sean.j.christopherson@...el.com>,
Jim Mattson <jmattson@...gle.com>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>,
kvm list <kvm@...r.kernel.org>,
Wanpeng Li <wanpengli@...cent.com>,
Peter Shier <pshier@...gle.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] KVM: nVMX: fix the layout of struct
kvm_vmx_nested_state_hdr
On 27/08/20 22:40, Sean Christopherson wrote:
> Paolo pushed an alternative solution for 5.8, commit 5e105c88ab485 ("KVM:
> nVMX: check for invalid hdr.vmx.flags"). His argument was that there was
> no point in adding proper padding since we already broke the ABI, i.e.
> damage done.
>
> So rather than pad the struct, which doesn't magically fix the ABI for old
> userspace, just check for unsupported flags. That gives decent odds of
> failing the ioctl() for old userspace if it's passing garbage (through no
> fault of its own), prevents new userspace from setting unsupported flags,
> and allows KVM to grow the struct by conditioning consumption of new fields
> on an associated flag.
In general userspace (as a hygiene/future-proofing measure) should
generally zero the contents of structs before filling in some fields
only. There was no guarantee that smm wouldn't grow new fields that
would have occupied the padding, for example. The general solution we
use is flags fields and checking them.
(The original KVM_GET/SET_NESTED_STATE patches did add a generic flags
fields, but not a VMX-specific one field).
Paolo
Powered by blists - more mailing lists