lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202212011522.0A318649@keescook>
Date:   Thu, 1 Dec 2022 15:22:46 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, x86@...nel.org,
        Maxim Levitsky <mlevitsk@...hat.com>,
        linux-kernel@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>, kvm@...r.kernel.org,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        linux-next@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: Coverity: emulator_leave_smm(): Error handling issues

On Thu, Dec 01, 2022 at 06:18:45PM +0000, Sean Christopherson wrote:
> On Thu, Dec 01, 2022, coverity-bot wrote:
> > Hello!
> > 
> > This is an experimental semi-automated report about issues detected by
> > Coverity from a scan of next-20221201 as part of the linux-next scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> > 
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by commits:
> > 
> >   Wed Nov 9 12:31:18 2022 -0500
> >     1d0da94cdafe ("KVM: x86: do not go through ctxt->ops when emulating rsm")
> > 
> > Coverity reported the following:
> > 
> > *** CID 1527763:  Error handling issues  (CHECKED_RETURN)
> > arch/x86/kvm/smm.c:631 in emulator_leave_smm()
> > 625     		cr4 = kvm_read_cr4(vcpu);
> > 626     		if (cr4 & X86_CR4_PAE)
> > 627     			kvm_set_cr4(vcpu, cr4 & ~X86_CR4_PAE);
> > 628
> > 629     		/* And finally go back to 32-bit mode.  */
> > 630     		efer = 0;
> > vvv     CID 1527763:  Error handling issues  (CHECKED_RETURN)
> > vvv     Calling "kvm_set_msr" without checking return value (as is done elsewhere 5 out of 6 times).
> > 631     		kvm_set_msr(vcpu, MSR_EFER, efer);
> > 632     	}
> > 633     #endif
> > 634
> > 635     	/*
> > 636     	 * Give leave_smm() a chance to make ISA-specific changes to the vCPU
> > 
> > If this is a false positive, please let us know so we can mark it as
> 
> It's not a false positive per se, but absent a KVM bug the call can never fail.
> Ditto for the kvm_set_cr{0,4}() calls above.  That said, I'm tempted to "fix"
> these since we've had bugs related to this code in the past.  This doesn't seem
> too ugly...

Yeah, that's what I've done with similar cases. "This should be
impossible" get a WARN_ONCE and fail gracefully.

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ