| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241206202752.GCZ1NeSMYTZ4ZDcfGJ@fat_crate.local>
Date: Fri, 6 Dec 2024 21:27:52 +0100
From: Borislav Petkov <bp@...en8.de>
To: "Nikunj A. Dadhania" <nikunj@....com>
Cc: linux-kernel@...r.kernel.org, thomas.lendacky@....com, x86@...nel.org,
kvm@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
dave.hansen@...ux.intel.com, pgonda@...gle.com, seanjc@...gle.com,
pbonzini@...hat.com
Subject: Re: [PATCH v15 01/13] x86/sev: Carve out and export SNP guest
messaging init routines
On Thu, Dec 05, 2024 at 11:53:53AM +0530, Nikunj A. Dadhania wrote:
> > * get_report - I don't think so:
> >
> > /*
> > * The intermediate response buffer is used while decrypting the
> > * response payload. Make sure that it has enough space to cover the
> > * authtag.
> > */
> > resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize;
> > report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
> >
> > That resp_len is limited and that's on the guest_ioctl path which cannot
> > happen concurrently?
>
> It is a trusted allocation, but should it be accounted as it is part of
> the userspace ioctl path ?
Well, it is unlocked_ioctl() and snp_guest_ioctl() is not taking any locks.
What's stopping anyone from writing a nasty little program which hammers the
sev-guest on the ioctl interface until the OOM killer activates?
IOW, this should probably remain _ACCOUNT AFAICT.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists