lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6d17801e-33be-4f6e-a61b-8d8f43238261@intel.com>
Date: Fri, 1 Mar 2024 11:39:41 +1300
From: "Huang, Kai" <kai.huang@...el.com>
To: Dongli Zhang <dongli.zhang@...cle.com>, <kvm@...r.kernel.org>
CC: <pbonzini@...hat.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] KVM: use KVM_HVA_ERR_BAD to check bad hva



On 1/03/2024 11:13 am, Dongli Zhang wrote:
> 
> 
> On 2/29/24 13:53, Huang, Kai wrote:
>>
>>
>> On 1/03/2024 10:25 am, Dongli Zhang wrote:
>>> Replace PAGE_OFFSET with KVM_HVA_ERR_BAD, to facilitate the cscope when
>>> looking for where KVM_HVA_ERR_BAD is used.
>>>
>>> Every time I use cscope to query the functions that are impacted by the
>>> return value (KVM_HVA_ERR_BAD) of __gfn_to_hva_many(), I may miss
>>> kvm_is_error_hva().
>>
>> I am not sure "to facilitate cscope" could be a justification to do some code
>> change in the kernel.
>>
>>>
>>> Signed-off-by: Dongli Zhang <dongli.zhang@...cle.com>
>>> ---
>>>    include/linux/kvm_host.h | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
>>> index 7e7fd25b09b3..4dc0300e7766 100644
>>> --- a/include/linux/kvm_host.h
>>> +++ b/include/linux/kvm_host.h
>>> @@ -143,7 +143,7 @@ static inline bool is_noslot_pfn(kvm_pfn_t pfn)
>>>      static inline bool kvm_is_error_hva(unsigned long addr)
>>>    {
>>> -    return addr >= PAGE_OFFSET;
>>> +    return addr >= KVM_HVA_ERR_BAD;
>>>    }
>>>      #endif
>>
>>
>> Also, IIUC the KVM_HVA_ERR_BAD _theoretically_ can be any random value that can
>> make kvm_is_error_hva() return false, while kvm_is_error_hva() must catch all
>> error HVAs.
>>
>> E.g., if we ever change KVM_HVA_ERR_BAD to use any other value (although I don't
>> see why this could ever happen), then using KVM_HVA_ERR_BAD in
>> kvm_is_error_hva() would be broken.
>>
>> In other words, it seems to me we should just use PAGE_OFFSET in
>> kvm_is_error_hva().
>>
> 
> 
> At least so far PAGE_OFFSET is the same value as KVM_HVA_ERR_BAD (except
> mips/s390), as line 141. Therefore, this is "No functional change".
> 
> It indicates the userspace VMM can never have hva in the range of kernel space.
> 
>   139 #ifndef KVM_HVA_ERR_BAD
>   140
>   141 #define KVM_HVA_ERR_BAD         (PAGE_OFFSET)
>   142 #define KVM_HVA_ERR_RO_BAD      (PAGE_OFFSET + PAGE_SIZE)
>   143
>   144 static inline bool kvm_is_error_hva(unsigned long addr)
>   145 {
>   146         return addr >= PAGE_OFFSET;
>   147 }
>   148
>   149 #endif
> 
> 
> Regarding to "facilitate cscope", this happened since long time ago when I read
> about ept_violation/mmio path.
> 
> 1. The __gfn_to_hva_many() may return KVM_HVA_ERR_BAD for mmio.
> 2. Then I used cscope to find the location of KVM_HVA_ERR_BAD.
> 3. The kvm_is_error_hva() is not in the results.
> 4. It took me a while to figure out that the 'KVM_HVA_ERR_BAD' is indirectly
> used by kvm_is_error_hva().
> 
> This is just based on my own experience when reading mmio code path. Thank you
> very much!

Neither of these can justify this patch.

As I replied earlier, _logically_, IIUC kvm_is_error_hva() shouldn't use 
KVM_HVA_ERR_BAD, because the former needs to catch *ALL* bad HVA but the 
latter could be some *RANDOM* bad HVA.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ