| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ilpkok0h.fsf@redhat.com>
Date: Wed, 01 Jun 2022 10:39:10 +0200
From: Vitaly Kuznetsov <vkuznets@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Kees Cook <keescook@...omium.org>,
Robert Dinse <nanook@...imo.com>,
Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH v2 8/8] KVM: x86: Bug the VM on an out-of-bounds data read
Sean Christopherson <seanjc@...gle.com> writes:
> Bug the VM and terminate emulation if an out-of-bounds read into the
> emulator's data cache occurs. Knowingly contuining on all but guarantees
> that KVM will overwrite random kernel data, which is far, far worse than
> killing the VM.
>
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
> ---
> arch/x86/kvm/emulate.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index 2aa17462a9ac..39ea9138224c 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -1373,7 +1373,8 @@ static int read_emulated(struct x86_emulate_ctxt *ctxt,
> if (mc->pos < mc->end)
> goto read_cached;
>
> - WARN_ON((mc->end + size) >= sizeof(mc->data));
> + if (KVM_EMULATOR_BUG_ON((mc->end + size) >= sizeof(mc->data), ctxt))
> + return X86EMUL_UNHANDLEABLE;
>
> rc = ctxt->ops->read_emulated(ctxt, addr, mc->data + mc->end, size,
> &ctxt->exception);
The last WARN_ON() is gone, cool)
Reviewed-by: Vitaly Kuznetsov <vkuznets@...hat.com>
--
Vitaly
Powered by blists - more mailing lists