lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230703022049.nixdqrq63zzbmrdm@yy-desk-7060>
Date:   Mon, 3 Jul 2023 10:20:49 +0800
From:   Yuan Yao <yuan.yao@...ux.intel.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Yan Zhao <yan.y.zhao@...el.com>,
        Reima Ishii <ishiir@...cc.u-tokyo.ac.jp>,
        shina@....u-tokyo.ac.jp, Paolo Bonzini <pbonzini@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, yuan.yao@...el.com
Subject: Re: [PATCH] KVM: nVMX: Prevent vmlaunch with EPTP pointing outside
 assigned memory area

On Fri, Jun 30, 2023 at 08:37:06AM -0700, Sean Christopherson wrote:
> On Fri, Jun 30, 2023, Yuan Yao wrote:
> > On Thu, Jun 29, 2023 at 01:30:31PM -0700, Sean Christopherson wrote:
> > > @@ -3834,8 +3822,8 @@ static int mmu_alloc_shadow_roots(struct kvm_vcpu *vcpu)
> > >  			if (!(pdptrs[i] & PT_PRESENT_MASK))
> > >  				continue;
> > >
> > > -			if (mmu_check_root(vcpu, pdptrs[i] >> PAGE_SHIFT))
> > > -				return 1;
> > > +			if (kvm_vcpu_is_visible_gfn(vcpu, pdptrs[i] >> PAGE_SHIFT))
> > > +				pdptrs[i] = 0;
> >
> > Hi Sean,
> >
> > Should this be "!kvm_vcpu_is_visible_gfn(vcpu, pdptrs[i] >> PAGE_SHIFT)" and
>
> Yep, typo that inverted the check.  Thanks for saving me some debug time!
>
> > turn the pae_root[i] to dummy root yet ?
>
> No, zeroing the PDPTR is sufficient.  Unlike CR3, which is always "present", PDPTRs
> have a present bit and so KVM can communicate to hardware that the entry isn't
> valid simply by clearing the PDPTPR.

Got it, same as how KVM deal with other middle level entries,
thanks for the explanation!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ