lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1c13abb3-cd9e-c9ca-3bd8-406bcc6965b4@redhat.com>
Date:   Fri, 22 Apr 2022 12:11:44 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Marc Zyngier <maz@...nel.org>
Cc:     linux-kernel@...r.kernel.org, kvm@...r.kernel.org, will@...nel.org,
        apatel@...tanamicro.com, atishp@...osinc.com, seanjc@...gle.com,
        pgonda@...gle.com
Subject: Re: [PATCH 1/4] KVM: x86: always initialize system_event.ndata

On 4/22/22 11:48, Marc Zyngier wrote:
> On Thu, 21 Apr 2022 19:04:40 +0100,
> Paolo Bonzini <pbonzini@...hat.com> wrote:
>>
>> The KVM_SYSTEM_EVENT_NDATA_VALID mechanism that was introduced
>> contextually with KVM_SYSTEM_EVENT_SEV_TERM is not a good match
>> for ARM and RISC-V, which want to communicate information even
>> for existing KVM_SYSTEM_EVENT_* constants.  Userspace is not ready
>> to filter out bit 31 of type, and fails to process the
>> KVM_EXIT_SYSTEM_EVENT exit.
>>
>> Therefore, tie the availability of ndata to a system capability
>> (which will be added once all architectures are on board).
>> Userspace written for released versions of Linux has no reason to
>> check flags, since it was never written, so it is okay to replace
>> it with ndata and data[0] (on 32-bit kernels) or with data[0]
>> (on 64-bit kernels).
> 
> How is it going to work for new userspace on old kernels, for which
> the ndata field is left uninitialised?

New userspace needs to check the capability before accessing ndata.

If it is desirable for Android, crosvm can "quirk" that ARM always has 
valid data[0] even in the absence of the capability.

> Cat we please get a #define that aliases data[0] to flags? At the next
> merge of the KVM headers into their respective trees, all the existing
> VMM are going to break if they have a reference to this field (CrosVM
> definitely does today -- yes, we're ahead of time).

That would be a union rather than a define but yes, I can do it.

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ