| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6cef7c8a-10d3-9fc6-f68d-220fdfc079c1@redhat.com>
Date: Fri, 18 Feb 2022 19:14:28 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Tadeusz Struk <tadeusz.struk@...aro.org>,
Sean Christopherson <seanjc@...gle.com>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
syzbot+8112db3ab20e70d50c31@...kaller.appspotmail.com
Subject: Re: [PATCH] KVM: x86: Forcibly leave nested virt when SMM state is
toggled
On 2/18/22 18:22, Tadeusz Struk wrote:
> On 2/18/22 08:58, Sean Christopherson wrote:
>> This SMM-specific patch fixes something different, the bug that you
>> are still
>> hitting is the FNAME(cmpxchg_gpte) mess. The uaccess CMPXCHG
>> series[*] that
>> properly fixes that issue hasn't been merged yet.
>>
>> ==================================================================
>> BUG: KASAN: use-after-free in ept_cmpxchg_gpte.constprop.0+0x3c3/0x590
>> Write of size 8 at addr ffff888010000000 by task repro/5633
>>
>> [*]https://lore.kernel.org/all/20220202004945.2540433-1-seanjc@google.com
>>
>
> Ok, that's good. I will keep an eye on it and give it a try then.
I'll poke PeterZ for a review next week.
Paolo
Powered by blists - more mailing lists