lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250822080100.27218-1-yan.y.zhao@intel.com>
Date: Fri, 22 Aug 2025 16:01:00 +0800
From: Yan Zhao <yan.y.zhao@...el.com>
To: pbonzini@...hat.com,
	seanjc@...gle.com
Cc: peterx@...hat.com,
	rick.p.edgecombe@...el.com,
	linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org,
	Yan Zhao <yan.y.zhao@...el.com>
Subject: [PATCH v3 0/3] KVM: Do not reset dirty GFNs in a memslot not enabling dirty tracking

Hi,
This series addresses a bug where userspace can request KVM to reset dirty
GFNs in memslots that do not have dirty tracking enabled.

Patch 1 provides the fix.
Patch 2 is an optimization to avoid unnecessary invoking of handlers in
        kvm_handle_hva_range() when a GFN range is entirely private.

        Patch 2 is not directly related to the issue in this series, but
        was found while implementing the selftest in patch 3. It also
        enhance reliability of the selftest results in patch 3 by ruling
        out the zap-related changes to private mappings of the test slot.

Patch 3 converts the TDX-specific selftest in v2 to test
        KVM_X86_SW_PROTECTED_VM VMs.

        Unlike TDX cases which would generate KVM_BUG_ON() when GFNs are
        incorrectly reset in memslots not enabling dirty tracking, there
        are not obvious errors for KVM_X86_SW_PROTECTED_VMs. So, patch 3
        detects the event kvm_tdp_mmu_spte_changed instead.

        Will provide TDX cases once the TDX selftest framework is
        finalized.

v3:
- Rebased patch 1.
- Added patch 2.
- Converted patch 3 to test KVM_X86_SW_PROTECTED_VM VMs.
- code base: kvm-x86-next-2025.08.21

v2: https://lore.kernel.org/all/20241223070427.29583-1-yan.y.zhao@intel.com
- Added a comment in patch 1, explaining that it's possible to try to
  update a memslot that isn't being dirty-logged if userspace is
  misbehaving. Specifically, userspace can write arbitrary data into the
  ring. (Sean)

v1: https://lore.kernel.org/all/20241220082027.15851-1-yan.y.zhao@intel.com


Yan Zhao (3):
  KVM: Do not reset dirty GFNs in a memslot not enabling dirty tracking
  KVM: Skip invoking shared memory handler for entirely private GFN
    ranges
  KVM: selftests: Test resetting dirty ring in gmem slots in protected
    VMs

 tools/testing/selftests/kvm/Makefile.kvm      |   1 +
 .../kvm/x86/reset_dirty_ring_on_gmem_test.c   | 392 ++++++++++++++++++
 virt/kvm/dirty_ring.c                         |   8 +-
 virt/kvm/kvm_main.c                           |  11 +
 4 files changed, 411 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/kvm/x86/reset_dirty_ring_on_gmem_test.c

-- 
2.43.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ