lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZfIElEiqYxfq2Gz4@google.com>
Date: Wed, 13 Mar 2024 12:55:00 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Rick Edgecombe <rick.p.edgecombe@...el.com>
Cc: pbonzini@...hat.com, hao.p.peng@...ux.intel.com, isaku.yamahata@...el.com, 
	kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: x86/mmu: x86: Don't overflow lpage_info when
 checking attributes

On Tue, Mar 12, 2024, Rick Edgecombe wrote:
> Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger
> KASAN splat, as seen in the private_mem_conversions_test selftest.

Ugh, that's embarrassing.

> The issue can be observed simply by compiling the kernel with
> CONFIG_KASAN_VMALLOC and running the selftest “private_mem_conversions_test”,

Ah, less emabarrasing, as KASAN_VMALLOC isn't auto-selected by KASAN=y.

> It is a little ambiguous whether the unaligned tail page should be

Nit, it's the head page, not the tail page.  Strictly speaking, it's probably both
(or neither, if you're a half glass empty person), but the buggy code that is
processing regions is specifically dealing with what it calls the head page.

> expected to have KVM_LPAGE_MIXED_FLAG set. It is not functionally
> required, as the unaligned tail pages will already have their
> kvm_lpage_info count incremented. The comments imply not setting it on
> unaligned head pages is intentional, so fix the callers to skip trying to
> set KVM_LPAGE_MIXED_FLAG in this case, and in doing so not call
> hugepage_has_attrs().

> Also rename hugepage_has_attrs() to __slot_hugepage_has_attrs() because it
> is a delicate function that should not be widely used, and only is valid
> for ranges covered by the passed slot.

Eh, I vote to drop the rename.  It's (a) a local static, (b) guarded by
CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES=y, (c) pretty obvious from the @slot
param that it works on a single slot, (d) the double underscores suggests
there is an outer wrapper with the same name, which there is not, and (e) the
rename adds noise to a diff that's destined for stable@.

Other than the rename, code looks good.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ