| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220513195000.99371-1-seanjc@google.com>
Date: Fri, 13 May 2022 19:49:58 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, David Matlack <dmatlack@...gle.com>,
Ben Gardon <bgardon@...gle.com>
Subject: [PATCH 0/2] KVM: x86/mmu: nEPT X-only unsync bug fix
Fix a contrived bug where KVM can create a shadow-present SPTE with RWX=0
if L1 modifies an existing RX or RWX 4kb SPTE to be X-only and the combined
permissions for the upper level SPTEs yield !X.
Patch 2 adds a comment explaining why FNAME(sync_page) isn't repsonsible
for flushing synchronized entries that reduce protections, e.g. drop X
(or add NX). Lack of a flush made me do a double-take and a lot of
staring.
Sean Christopherson (2):
KVM: x86/mmu: Drop RWX=0 SPTEs during ept_sync_page()
KVM: x86/mmu: Comment FNAME(sync_page) to document TLB flushing logic
arch/x86/kvm/mmu/paging_tmpl.h | 18 +++++++++++++++++-
arch/x86/kvm/mmu/spte.c | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
base-commit: 2764011106d0436cb44702cfb0981339d68c3509
--
2.36.0.550.gb090851708-goog
Powered by blists - more mailing lists