Message-ID: <Zw1BcYhTxZS4E2O5@google.com>
Date: Mon, 14 Oct 2024 09:06:48 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Adrian Hunter <adrian.hunter@...el.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Paolo Bonzini <pbonzini@...hat.com>, 
	Ingo Molnar <mingo@...hat.com>, Mark Rutland <mark.rutland@....com>, 
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Heiko Carstens <hca@...ux.ibm.com>, 
	Thomas Richter <tmricht@...ux.ibm.com>, Hendrik Brueckner <brueckner@...ux.ibm.com>, 
	Suzuki K Poulose <suzuki.poulose@....com>, Mike Leach <mike.leach@...aro.org>, 
	James Clark <james.clark@....com>, coresight@...ts.linaro.org, 
	linux-arm-kernel@...ts.infradead.org, Yicong Yang <yangyicong@...ilicon.com>, 
	Jonathan Cameron <jonathan.cameron@...wei.com>, Will Deacon <will@...nel.org>, 
	Arnaldo Carvalho de Melo <acme@...nel.org>, Jiri Olsa <jolsa@...nel.org>, Namhyung Kim <namhyung@...nel.org>, 
	Ian Rogers <irogers@...gle.com>, Andi Kleen <ak@...ux.intel.com>, 
	Thomas Gleixner <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, H Peter Anvin <hpa@...or.com>, 
	Kan Liang <kan.liang@...ux.intel.com>, Zhenyu Wang <zhenyuw@...ux.intel.com>, mizhang@...gle.com, 
	kvm@...r.kernel.org, Shuah Khan <shuah@...nel.org>, linux-kselftest@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org
Subject: Re: [PATCH V13 02/14] KVM: x86: Fix Intel PT IA32_RTIT_CTL MSR validation

"KVM: VMX:" for the scope.

And I would much prefer to actually state what is changing.  "Fix XYZ" isn't
helpful in understanding what's actually broken, fallout from the bug, etc.  It's
never easy to describe bugs where the logic is flat out busted, but I think we can
at least capture the basic gist, and allude to the badness being a wrongly disallowed
write.

On Mon, Oct 14, 2024, Adrian Hunter wrote:
> Fix KVM IA32_RTIT_CTL MSR validation logic so that if RTIT_CTL_TRACEEN
> bit is cleared, then other bits are allowed to change also. For example,
> writing 0 to IA32_RTIT_CTL in order to stop tracing, is valid.

There's a fair amount of extraneous and distracting information in both the shortlog
and changelog.  E.g. "Intel PT IA32_RTIT_CTL MSR" can simply be MSR_IA32_RTIT_CTL.
And the 

I'll fix up to the below when applying; AFAICT, this fix is completely independent
of the rest of the series.

KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared

  Allow toggling other bits in MSR_IA32_RTIT_CTL if the enable bit is being
  cleared, the existing logic simply ignores the enable bit.  E.g. KVM will
  incorrectly reject a write of '0' to stop tracing.
  
> Fixes: bf8c55d8dc09 ("KVM: x86: Implement Intel PT MSRs read/write emulation")
> Cc: stable@...r.kernel.org
> Signed-off-by: Adrian Hunter <adrian.hunter@...el.com>
> ---
>  arch/x86/kvm/vmx/vmx.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 1a4438358c5e..eaf4965ac6df 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -1635,7 +1635,8 @@ static int vmx_rtit_ctl_check(struct kvm_vcpu *vcpu, u64 data)
>  	 * result in a #GP unless the same write also clears TraceEn.
>  	 */
>  	if ((vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN) &&
> -		((vmx->pt_desc.guest.ctl ^ data) & ~RTIT_CTL_TRACEEN))
> +	    (data & RTIT_CTL_TRACEEN) &&
> +	    data != vmx->pt_desc.guest.ctl)
>  		return 1;
>  
>  	/*
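
Review bot: the full-value compare in `data != vmx->pt_desc.guest.ctl` is only equivalent to the removed masked XOR because the two clauses before it guarantee RTIT_CTL_TRACEEN is set in both the current value and `data`, and nothing in the comment says so. Consider extending the comment above the `if` to state that a write which clears TraceEn is intentionally not rejected here, so the condition is not later "simplified" back to the masked form. A test that writes 0 to the MSR while TraceEn is set would also pin down the case the changelog describes.
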
> -- 
> 2.43.0
> 
