| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2021 17:17:44 +0100
From: Alexandru Elisei <alexandru.elisei@....com>
To: maz@...nel.org, james.morse@....com, suzuki.poulose@....com,
linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.cs.columbia.edu,
will@...nel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH v4 08/39] KVM: arm64: Deny changes to locked memslots
Forbid userspace from making changes to a locked memslot. If userspace
wants to modify a locked memslot, then they will need to unlock it.
One special case is allowed: memslots locked for read, but not for write,
can have dirty page logging turned on.
Signed-off-by: Alexandru Elisei <alexandru.elisei@....com>
---
arch/arm64/kvm/mmu.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 27b7befd4fa9..3ab8eba808ae 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1842,8 +1842,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
{
hva_t hva = mem->userspace_addr;
hva_t reg_end = hva + mem->memory_size;
+ struct kvm_memory_slot *old;
int ret = 0;
+ /*
+ * Forbid all changes to locked memslots with the exception of turning
+ * on dirty page logging for memslots locked only for reads.
+ */
+ old = id_to_memslot(kvm_memslots(kvm), memslot->id);
+ if (old && memslot_is_locked(old)) {
+ if (change == KVM_MR_FLAGS_ONLY &&
+ memslot_is_logging(memslot) &&
+ !(old->arch.flags & KVM_MEMSLOT_LOCK_WRITE))
+ memcpy(&memslot->arch, &old->arch, sizeof(old->arch));
+ else
+ return -EBUSY;
+ }
+
if (change != KVM_MR_CREATE && change != KVM_MR_MOVE &&
change != KVM_MR_FLAGS_ONLY)
return 0;
--
2.33.0
Powered by blists - more mailing lists