lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241210102835.GCZ1gX04evsuTcS01d@fat_crate.local>
Date: Tue, 10 Dec 2024 11:28:35 +0100
From: Borislav Petkov <bp@...en8.de>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Michael Roth <michael.roth@....com>,
	Ashish Kalra <ashish.kalra@....com>,
	Nikunj A Dadhania <nikunj@....com>,
	Neeraj Upadhyay <Neeraj.Upadhyay@....com>
Subject: Re: [PATCH v6 6/8] x86/sev: Treat the contiguous RMP table as a
 single RMP segment

On Mon, Dec 09, 2024 at 08:43:20PM +0100, Borislav Petkov wrote:
> I think we should collect the deliberation why we're doing this nospec stuff
> from here:
> 
> https://lore.kernel.org/r/79be2e29-6487-dd60-9b6f-3daa48a2e93f@amd.com
> 
> into a comment around here for future reference.
> 
> This is the best example for those: "uff, why did we do it back then"?
> questions when we stare at this months, years from now.

IOW, something short like this which should catch the gist of the idea:

diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
index 3272a73d3594..46abc73cbb87 100644
--- a/arch/x86/virt/svm/sev.c
+++ b/arch/x86/virt/svm/sev.c
@@ -453,6 +453,14 @@ bool snp_probe_rmptable_info(void)
        return true;
 }
 
+/*
+ * About the array_index_nospec() usage below:
+ *
+ * This function can get called by exported functions like
+ * snp_lookup_rmpentry(), which is used by the KVM #PF handler, among
+ * others, and since the @pfn passed in cannot always be trusted,
+ * speculation should be stopped as a protective measure.
+ */
 static struct rmpentry_raw *get_raw_rmpentry(u64 pfn)
 {
        u64 paddr, rst_index, segment_index;

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ