| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Sep 2020 13:09:11 -0400
From: Sasha Levin <sashal@...nel.org>
To: Ajay Kaher <akaher@...are.com>
Cc: gregkh@...uxfoundation.org, alex.williamson@...hat.com,
cohuck@...hat.com, peterx@...hat.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
srivatsab@...are.com, srivatsa@...il.mit.edu,
vsirnapalli@...are.com
Subject: Re: [PATCH v5.4.y 0/3] vfio: Fix for CVE-2020-12888
On Sun, Sep 06, 2020 at 07:37:57PM +0530, Ajay Kaher wrote:
>CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
>devices may lead to DoS scenario
>
>The VFIO modules allow users (guest VMs) to enable or disable access to the
>devices' MMIO memory address spaces. If a user attempts to access (read/write)
>the devices' MMIO address space when it is disabled, some h/w devices issue an
>interrupt to the CPU to indicate a fatal error condition, crashing the system.
>This flaw allows a guest user or process to crash the host system resulting in
>a denial of service.
>
>Patch 1/ is to force the user fault if PFNMAP vma might be DMA mapped
>before user access.
>
>Patch 2/ setup a vm_ops handler to support dynamic faulting instead of calling
>remap_pfn_range(). Also provides a list of vmas actively mapping the area which
>can later use to invalidate those mappings.
>
>Patch 3/ block the user from accessing memory spaces which is disabled by using
>new vma list support to zap, or invalidate, those memory mappings in order to
>force them to be faulted back in on access.
I've queued this and the 4.19 backports, thanks!
--
Thanks,
Sasha
Powered by blists - more mailing lists