lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231002133230.195738-1-michael.roth@amd.com>
Date:   Mon, 2 Oct 2023 08:32:30 -0500
From:   Michael Roth <michael.roth@....com>
To:     <kvm@...r.kernel.org>
CC:     <linux-kernel@...r.kernel.org>, <seanjc@...gle.com>,
        Paolo Bonzini <pbonzini@...hat.com>
Subject: [PATCH gmem FIXUP] KVM: Don't re-use inodes when creating guest_memfd files

anon_inode_getfile() uses a singleton inode, which results in the inode
size changing based with each new KVM_CREATE_GUEST_MEMFD call, which
can later lead to previously-created guest_memfd files failing bounds
checks that are later performed when memslots are bound to them. More
generally, the inode may be associated with other state that cannot be
shared across multiple guest_memfd instances.

Revert back to having 1 inode per guest_memfd instance by using the
"secure" variant of anon_inode_getfile().

Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>
Fixes: 0f7e60a5f42a ("kvm: guestmem: do not use a file system")
Signed-off-by: Michael Roth <michael.roth@....com>
---
 fs/anon_inodes.c       | 1 +
 virt/kvm/guest_memfd.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index 24192a7667ed..4190336180ee 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -176,6 +176,7 @@ struct file *anon_inode_getfile_secure(const char *name,
 	return __anon_inode_getfile(name, fops, priv, flags,
 				    context_inode, true);
 }
+EXPORT_SYMBOL_GPL(anon_inode_getfile_secure);
 
 static int __anon_inode_getfd(const char *name,
 			      const struct file_operations *fops,
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 78928ebd1bff..4d74b66cfbf7 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -378,8 +378,8 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
 		goto err_fd;
 	}
 
-	file = anon_inode_getfile(anon_name, &kvm_gmem_fops, gmem,
-				  O_RDWR);
+	file = anon_inode_getfile_secure(anon_name, &kvm_gmem_fops, gmem,
+					 O_RDWR, NULL);
 	if (IS_ERR(file)) {
 		err = PTR_ERR(file);
 		goto err_gmem;
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ