References: <6f79d9be-fa76-3a06-2612-f44f3a18ece7@redhat.com> <20190114234728.49239-1-tmroeder@google.com>
In-Reply-To: <20190114234728.49239-1-tmroeder@google.com>
From: Jim Mattson
Date: Mon, 14 Jan 2019 16:03:35 -0800
Subject: Re: [RFC PATCH] kvm: x86/vmx: Use kzalloc for cached_vmcs12
To: Tom Roeder
Cc: Paolo Bonzini, Radim Krčmář, Liran Alon, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", "the arch/x86 maintainers", kvm list, LKML, syzbot+ded1696f6b50b615b630@syzkaller.appspotmail.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jan 14, 2019 at 3:48 PM Tom Roeder wrote:
>
> This changes the allocation of cached_vmcs12 to use kzalloc instead of
> kmalloc. This removes the information leak found by Syzkaller (see
> Reported-by) in this case and prevents similar leaks from happening
> based on cached_vmcs12.
>
> The email from Syzkaller led to a discussion about a patch in early
> November on the KVM list (I've made this a reply to that thread), but
> the current upstream kernel still has kmalloc instead of kzalloc for
> cached_vmcs12 and cached_shadow_vmcs12. This RFC proposes changing to
> kzalloc for defense in depth.
>
> Tested: rebuilt but not tested, since this is an RFC
>
> Reported-by: syzbot+ded1696f6b50b615b630@syzkaller.appspotmail.com
> Signed-off-by: Tom Roeder

Reviewed-by: Jim Mattson
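
The difference between the two allocators that this thread turns on, as a userspace example added here (not code from the patch or from the kernel). It assumes a model in which the cache is only partly filled and later copied out in full; the thread does not describe the actual leak path, and `CACHE_SIZE`, `demo_kmalloc`, `demo_kzalloc` and `leaked_bytes` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the cached_vmcs12 buffer; not the real layout or size. */
#define CACHE_SIZE 64

/* One recycled allocator object: every allocation hands back this same memory. */
static unsigned char slab[CACHE_SIZE];

/* Simulate an earlier owner of the object leaving sensitive bytes behind. */
static void previous_owner_writes_secret(void)
{
    memset(slab, 0xA5, sizeof(slab));
}

/* kmalloc-like: contents are whatever the previous owner left. */
static void *demo_kmalloc(void) { return slab; }

/* kzalloc-like: the same object, cleared before it is handed out. */
static void *demo_kzalloc(void) { memset(slab, 0, sizeof(slab)); return slab; }

/*
 * Fill only the first `used` bytes of the cache (assumed partial
 * initialization), then copy the whole cache to a "userspace" buffer.
 * Returns how many stale 0xA5 bytes reached the caller.
 */
static size_t leaked_bytes(void *(*alloc)(void), size_t used)
{
    unsigned char user_buf[CACHE_SIZE];
    unsigned char *cache;
    size_t i, leaked = 0;

    if (used > CACHE_SIZE)
        used = CACHE_SIZE;
    previous_owner_writes_secret();
    cache = alloc();
    memset(cache, 0x11, used);            /* partial initialization */
    memcpy(user_buf, cache, CACHE_SIZE);  /* full-size copy-out */

    for (i = 0; i < CACHE_SIZE; i++)
        if (user_buf[i] == 0xA5)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("kmalloc-like: %zu stale bytes copied out\n", leaked_bytes(demo_kmalloc, 16));
    printf("kzalloc-like: %zu stale bytes copied out\n", leaked_bytes(demo_kzalloc, 16));
    return 0;
}
```

With the zeroing allocator the result stays at zero even when a later code path forgets to initialize a field, which is the defense-in-depth argument made in the quoted message.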