lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Dec 2020 11:03:02 +0900 From: Masami Hiramatsu <mhiramat@...nel.org> To: Kees Cook <keescook@...omium.org> Cc: Tom Lendacky <thomas.lendacky@....com>, Masami Hiramatsu <mhiramat@...nel.org>, x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>, "H . Peter Anvin" <hpa@...or.com>, Joerg Roedel <jroedel@...e.de>, "Gustavo A . R . Silva" <gustavoars@...nel.org>, Jann Horn <jannh@...gle.com>, Srikar Dronamraju <srikar@...ux.vnet.ibm.com>, Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/3] x86/sev-es: Fix not using prefixes.nbytes for loop over prefixes.bytes On Wed, 2 Dec 2020 11:07:26 -0800 Kees Cook <keescook@...omium.org> wrote: > On Wed, Dec 02, 2020 at 09:31:57AM -0600, Tom Lendacky wrote: > > On 12/2/20 2:51 AM, Masami Hiramatsu wrote: > > > Since the insn.prefixes.nbytes can be bigger than the size of > > > insn.prefixes.bytes[] when a same prefix is repeated, we have to > > > check whether the insn.prefixes.bytes[i] != 0 and i < 4 instead > > > of insn.prefixes.nbytes. > > > > > > Fixes: 25189d08e516 ("x86/sev-es: Add support for handling IOIO exceptions") > > > Reported-by: Kees Cook <keescook@...omium.org> > > > Signed-off-by: Masami Hiramatsu <mhiramat@...nel.org> > > > --- > > > arch/x86/boot/compressed/sev-es.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/boot/compressed/sev-es.c b/arch/x86/boot/compressed/sev-es.c > > > index 954cb2702e23..6a7a3027c9ac 100644 > > > --- a/arch/x86/boot/compressed/sev-es.c > > > +++ b/arch/x86/boot/compressed/sev-es.c > > > @@ -36,7 +36,7 @@ static bool insn_has_rep_prefix(struct insn *insn) > > > insn_get_prefixes(insn); > > > - for (i = 0; i < insn->prefixes.nbytes; i++) { > > > + for (i = 0; insn->prefixes.bytes[i] && i < 4; i++) { > > You must test "i" before bytes[i] or you still do the out-of-bounds-read. Oops, thanks. > > > > > Wouldn't it be better to create a #define for the size rather than hard > > coding 4 in the various files? That would protect everything should the > > bytes array size ever change in the future. > > Agreed, and perhaps instead of repeating the idiom in the for loop, add > a helper like: > > #define insn_prefix_valid(prefixes, i) (i >=0 && i < 4 && prefixes->bytes[i]) > > to be used like: > > for (i = 0; insn_prefix_valid(&insn->prefixes, i); i++) { Hm, for all of these usage, they are looping on the prefixes, so for_each_insn_prefix(insn, idx, prefix) { ... } will be simpler. Thank you, > > > > > Thanks, > > Tom > > > > > insn_byte_t p = insn->prefixes.bytes[i]; > > > if (p == 0xf2 || p == 0xf3) > > > > > -- > Kees Cook -- Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists