Open Source and information security mailing list archives
 
Message-ID: <20220516175533.4bf3dd93@p-imbrenda>
Date:   Mon, 16 May 2022 17:55:33 +0200
From:   Claudio Imbrenda <imbrenda@...ux.ibm.com>
To:     Nico Boehr <nrb@...ux.ibm.com>
Cc:     kvm@...r.kernel.org, borntraeger@...ibm.com, frankja@...ux.ibm.com,
        thuth@...hat.com, pasic@...ux.ibm.com, david@...hat.com,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        scgl@...ux.ibm.com, mimu@...ux.ibm.com
Subject: Re: [PATCH v10 01/19] KVM: s390: pv: leak the topmost page table
 when destroy fails

On Mon, 16 May 2022 09:22:09 +0200
Nico Boehr <nrb@...ux.ibm.com> wrote:

> On Thu, 2022-04-14 at 10:02 +0200, Claudio Imbrenda wrote:
> 
> [...]
> > +/**
> > + * s390_replace_asce - Try to replace the current ASCE of a gmap
> > with
> > + * another equivalent one.
> > + * @gmap the gmap
> > + *
> > + * If the allocation of the new top level page table fails, the ASCE
> > is not
> > + * replaced.
> > + * In any case, the old ASCE is always removed from the list.
> > Therefore the
> > + * caller has to make sure to save a pointer to it beforehands,
> > unless an
> > + * intentional leak is intended.
> > + */
> > +int s390_replace_asce(struct gmap *gmap)
> > +{
> >   
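
Review bot: The kernel-doc block above s390_replace_asce() has a malformed parameter line and no return description. `@gmap the gmap` needs a colon (`@gmap: the gmap`) to be picked up as a parameter description, and since the function returns int, a `Return:` line should say what the caller gets when the allocation of the new top level table fails, given that the comment says the old ASCE is removed from the list in any case. In the same comment, "beforehands" should be "beforehand", and "unless an intentional leak is intended" can be shortened to "unless a leak is intended".
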
> [...]
> > +       /* Set new table origin while preserving existing ASCE
> > control bits */
> > +       asce = (gmap->asce & ~_ASCE_ORIGIN) | __pa(table);
> > +       WRITE_ONCE(gmap->asce, asce);  
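
Review bot: In the assignment that builds the new ASCE, `gmap->asce` is read with a plain load and then stored with WRITE_ONCE(), so this is a read-modify-write that preserves the control bits only if no other writer can change them between the load and the store. Nothing in the visible lines says what provides that exclusion; the reply in this thread states that all callers hold kvm->lock. Suggest stating that locking requirement in the function's kernel-doc comment so it is visible at the definition rather than only in the review discussion.
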
> 
> Can someone concurrently touch the control bits?

should not happen, nobody is using the ASCE while we replace it

moreover, all callers of s390_replace_asce hold kvm->lock, as do all
functions changing the ASCE
