Date:   Thu, 14 Jul 2022 11:08:30 -0000
From:   "tip-bot2 for Thadeu Lima de Souza Cascardo" <tip-bot2@...utronix.de>
To:     linux-tip-commits@...r.kernel.org
Cc:     Linux Kernel Functional Testing <lkft@...aro.org>,
        Thadeu Lima de Souza Cascardo <cascardo@...onical.com>,
        Borislav Petkov <bp@...e.de>, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: [tip: x86/urgent] x86/kvm: Fix FASTOP_SIZE when return thunks are enabled

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     3652dee22a2a321d6dabe1ea0aa4b2b3c87da8dc
Gitweb:        https://git.kernel.org/tip/3652dee22a2a321d6dabe1ea0aa4b2b3c87da8dc
Author:        Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
AuthorDate:    Wed, 13 Jul 2022 14:12:41 -03:00
Committer:     Borislav Petkov <bp@...e.de>
CommitterDate: Thu, 14 Jul 2022 09:59:10 +02:00

x86/kvm: Fix FASTOP_SIZE when return thunks are enabled

The return thunk call makes the fastop functions larger, just like IBT
does. Consider a 16-byte FASTOP_SIZE when CONFIG_RETHUNK is enabled.

Otherwise, functions will be incorrectly aligned and when computing
their position for differently sized operators, they will execute in the
middle or end of a function, which may as well be an int3, leading to a
crash like:

  int3: 0000 [#1] SMP NOPTI
  CPU: 3 PID: 1371 Comm: qemu-system-x86 Not tainted 5.15.0-41-generic #44
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
  RIP: 0010:xaddw_ax_dx+0x9/0x10 [kvm]
  Code: 00 0f bb d0 c3 cc cc cc cc 48 0f bb d0 c3 cc cc cc cc 0f 1f 80 00 00 00 00 0f c0 d0 c3 cc cc cc cc 66 0f c1 d0 c3 cc cc cc cc <0f> 1f 80 00 00 00 00 0f c1 d0 c3 cc cc cc cc 48 0f c1 d0 c3 cc cc
  Call Trace:
   <TASK>
   ? fastop
   x86_emulate_insn
   x86_emulate_instruction
   ? kvm_arch_vcpu_load
   ? vmx_prepare_switch_to_host
   complete_emulated_mmio
   kvm_arch_vcpu_ioctl_run
   kvm_vcpu_ioctl
   ? kvm_vcpu_ioctl
   ? __fget_files
   ? __fget_files
   __x64_sys_ioctl
   do_syscall_64
   ? syscall_exit_to_user_mode
   ? do_syscall_64
   ? syscall_exit_to_user_mode
   ? __x64_sys_writev
   ? do_syscall_64
   ? exit_to_user_mode_prepare
   ? syscall_exit_to_user_mode
   ? do_syscall_64
   ? do_syscall_64
   ? do_syscall_64
   ? do_syscall_64
   entry_SYSCALL_64_after_hwframe
  ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Fixes: aa3d480315ba ("x86: Use return-thunk in asm code")
Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@...onical.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Link: https://lore.kernel.org/r/CA%2BG9fYtntg7=zWSs-dm%2Bn_AUr_u0eBOU0zrwWqMeXZ%2BSF6_bLw@mail.gmail.com
---
 arch/x86/kvm/emulate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index db96bf7..d779eea 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -190,7 +190,7 @@
 #define X16(x...) X8(x), X8(x)
 
 #define NR_FASTOP (ilog2(sizeof(ulong)) + 1)
-#define FASTOP_SIZE (8 * (1 + HAS_KERNEL_IBT))
+#define FASTOP_SIZE (8 * (1 + (HAS_KERNEL_IBT | IS_ENABLED(CONFIG_RETHUNK))))
 
 struct opcode {
 	u64 flags;
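Review bot: The bitwise `|` in `(HAS_KERNEL_IBT | IS_ENABLED(CONFIG_RETHUNK))` only yields the intended 16 bytes because both operands are exactly 0 or 1; should HAS_KERNEL_IBT ever expand to another nonzero value, the multiplication would silently produce the wrong size. The logical form states the intent (either feature doubles the body) and does not depend on that, e.g. `#define FASTOP_SIZE (8 * (1 + (HAS_KERNEL_IBT || IS_ENABLED(CONFIG_RETHUNK))))`. A one-line comment above the define saying that both the IBT endbr and the return-thunk call push the fastop body past 8 bytes would also help the next reader, since this constant must stay in sync with the function layout described in the commit message and a mismatch lands execution on the int3 padding shown in the trace.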
