| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f5107037-63b2-a745-1c3e-ba1960bc507b@redhat.com>
Date: Mon, 15 Feb 2021 20:04:27 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Pavel Machek <pavel@....cz>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>,
Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.10 048/104] KVM: x86: cleanup CR3 reserved bits checks
On 15/02/21 19:46, Pavel Machek wrote:
> Hi!
>
>> [ Upstream commit c1c35cf78bfab31b8cb455259524395c9e4c7cd6 ]
>>
>> If not in long mode, the low bits of CR3 are reserved but not enforced to
>> be zero, so remove those checks. If in long mode, however, the MBZ bits
>> extend down to the highest physical address bit of the guest, excluding
>> the encryption bit.
>>
>> Make the checks consistent with the above, and match them between
>> nested_vmcb_checks and KVM_SET_SREGS.
>
>> +++ b/arch/x86/kvm/x86.c
>> @@ -9558,6 +9558,8 @@ static int kvm_valid_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
>> if (!(sregs->cr4 & X86_CR4_PAE)
>> || !(sregs->efer & EFER_LMA))
>> return -EINVAL;
>> + if (sregs->cr3 & vcpu->arch.cr3_lm_rsvd_bits)
>> + return false;
>> } else {
>
> Function has different return type between 5.10 and 5.11, so this
> needs fixing.
I'll check that c1c35cf78bfab31b8cb455259524395c9e4c7cd6 is enough and
send either a backport of that one, or a fixed patch for <= 5.10.
Thanks Pavel.
Paolo
Powered by blists - more mailing lists