Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1943930ybe; Thu, 12 Sep 2019 01:57:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqw2SNqIjhIx8ASFbSmyGJ2ttdDCQFtwtJ0KEzI8pliHXTCULCNu/6F4zjbMOJkJRHybJmVO X-Received: by 2002:a05:6402:658:: with SMTP id u24mr41786656edx.102.1568278631618; Thu, 12 Sep 2019 01:57:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568278631; cv=none; d=google.com; s=arc-20160816; b=Q802aQ0VjUgWDcDYTw/KQ90KALblPAhD7i9ECKArFNumy7c8rKsii3MoLQQuHTWKWr 5TUdqXCk4pweeSN+dEeJ3qAK2Yn/4Q1s4zgyYCek8zckrc8yEQSwy3gfINLOqv/txje2 EkDF4b/BFCMP4V5LlGSgHXQlGh9YR3ZnZi9xykfqSmO1JRpO/bgI8eEQ0n2ozRGrUtiz JziKKJcjznXjZuNkZVvgPD0B7y6TKN2m9c6Ag6qvmXmxbIl/aMqS30d7uBEMvLEDuveM XG8iT8eTgNRSs1DXj1SPhJwZvosu0DBZMH0Eh6eL7twy2GWyeK04AEs4JGRm9fTtbq0A LQYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from; bh=mx1kKrIiSmryWWn3Il/w12tQaldws+Bo5K0e/h/OmZw=; b=pXYPkDo0NzbGUIFm86yETmPBgkDP2LRswGtmf0xTw4Bi9oePAiCt/eU5rBY4wj99HX xZGIyWDhUAhcFGNERhyvQ578gV6tgAMu55OduZ6ZL/WpIgga5I4WdXKjpS/3M8eHKooQ odMveOF91ddlMqAtoZiiT4s+2A8bLX2lLPZ0G5whHf2Zx9L05rowJSyvKi/SL1vvqR1V BUm26kDm+noBm2QBoYV5Q9jbfWQQv8D1ZcS4Z8Lkos8S2CQs4dEmOOxSGa0X4w73SR2T z42aXbMzONsU+Jo4Yv9UhAuxd6G0KiMCpHU2sLUXxS36BkBzrPtIN/TQucZ9OtxAfQnw I0Rg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ox15si12611505ejb.110.2019.09.12.01.56.47; Thu, 12 Sep 2019 01:57:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730508AbfILIvv (ORCPT + 99 others); Thu, 12 Sep 2019 04:51:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35014 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730023AbfILIvu (ORCPT ); Thu, 12 Sep 2019 04:51:50 -0400 Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4C4B95AFF8 for ; Thu, 12 Sep 2019 08:51:50 +0000 (UTC) Received: by mail-wm1-f69.google.com with SMTP id d10so2332644wmb.0 for ; Thu, 12 Sep 2019 01:51:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=mx1kKrIiSmryWWn3Il/w12tQaldws+Bo5K0e/h/OmZw=; b=NjFIAfoqLKgaFc1WUriO/mT82EZxwAlPUFx7OOY3qvdHuS5jWOyU6+uVAJ5LIcXyHy bQgkQHWn1r8uBOypRmHKhib3QM1ndEUqBbu5VJpODcnRvql34HZfmQI6kw3AGQeqEe5Q xOCqoB6pgPspWYBV76Ot0Gnokm1bR20Th5PAKzc/HBz/p3PQm5S1gQhMhlQem8QCZ7iz C75V7/Cv3XL+LMJzbDzPDVrScsFBJZsYkhBoIsds/yqSRmmiUF0M3g9Fpfuh0PyE6535 o99o9/yDkFvPk32AWyR1oisbaHUgdS2TEOvBnrD4myw8cYnByyf5+u50sE7QADFE/Mlz l81w== X-Gm-Message-State: APjAAAUs0JU/38+nBv6m38M4GRSiJz820zFDeIZA5HSxyzQHYUPtlXqC DUrhbNUnLGs7gs53iGOqq2UVuHATgpBmSaGXS58EKIP7ATLMumLRWmsePFwXyVxhihbOJZwXi1Q VeZtYsO5JyoB7gsFwuKb4T9+0 X-Received: by 2002:adf:f44e:: with SMTP id f14mr32811308wrp.290.1568278308860; Thu, 12 Sep 2019 01:51:48 -0700 (PDT) X-Received: by 2002:adf:f44e:: with SMTP id f14mr32811294wrp.290.1568278308638; Thu, 12 Sep 2019 01:51:48 -0700 (PDT) Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id q3sm7850196wrm.86.2019.09.12.01.51.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Sep 2019 01:51:47 -0700 (PDT) From: Vitaly Kuznetsov To: Fuqian Huang Cc: Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Sean Christopherson , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Fuqian Huang Subject: Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents In-Reply-To: <20190912041817.23984-1-huangfq.daxian@gmail.com> References: <20190912041817.23984-1-huangfq.daxian@gmail.com> Date: Thu, 12 Sep 2019 10:51:47 +0200 Message-ID: <87tv9hew2k.fsf@vitty.brq.redhat.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Fuqian Huang writes: > Emulation of VMPTRST can incorrectly inject a page fault > when passed an operand that points to an MMIO address. > The page fault will use uninitialized kernel stack memory > as the CR2 and error code. > > The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR > exit to userspace; Hm, why so? KVM_EXIT_INTERNAL_ERROR is basically an error in KVM, this is not a proper reaction to a userspace-induced condition (or ever). I also looked at VMPTRST's description in Intel's manual and I can't find and explicit limitation like "this must be normal memory". We're just supposed to inject #PF "If a page fault occurs in accessing the memory destination operand." In case it seems to be too cumbersome to handle VMPTRST to MMIO and we think that nobody should be doing that I'd rather prefer injecting #GP. Please tell me what I'm missing :-) > however, it is not an easy fix, so for now just ensure > that the error code and CR2 are zero. > > Signed-off-by: Fuqian Huang > --- > arch/x86/kvm/x86.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 290c3c3efb87..7f442d710858 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -5312,6 +5312,7 @@ int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val, > /* kvm_write_guest_virt_system can pull in tons of pages. */ > vcpu->arch.l1tf_flush_l1d = true; > > + memset(exception, 0, sizeof(*exception)); > return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, > PFERR_WRITE_MASK, exception); > } -- Vitaly