From: Jim Mattson
Date: Thu, 12 Sep 2019 14:20:09 -0700
Subject: Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents
To: Fuqian Huang
Cc: Paolo Bonzini, Radim Krčmář, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H . Peter Anvin", "the arch/x86 maintainers", kvm list, LKML
References: <20190912041817.23984-1-huangfq.daxian@gmail.com>
In-Reply-To: <20190912041817.23984-1-huangfq.daxian@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Sep 11, 2019 at 9:18 PM Fuqian Huang wrote:
>
> Emulation of VMPTRST can incorrectly inject a page fault
> when passed an operand that points to an MMIO address.
> The page fault will use uninitialized kernel stack memory
> as the CR2 and error code.
>
> The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
> exit to userspace; however, it is not an easy fix, so for now just ensure
> that the error code and CR2 are zero.
>
> Signed-off-by: Fuqian Huang
> ---
> arch/x86/kvm/x86.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 290c3c3efb87..7f442d710858 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -5312,6 +5312,7 @@ int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val,
> /* kvm_write_guest_virt_system can pull in tons of pages. */
> vcpu->arch.l1tf_flush_l1d = true;
>
> + memset(exception, 0, sizeof(*exception));
> return kvm_write_guest_virt_helper(addr, val, bytes, vcpu,
> PFERR_WRITE_MASK, exception);
> }
> --
> 2.11.0
>

Perhaps you could also add a comment like the one Paolo added when he made
the same change in kvm_read_guest_virt? See commit 353c0956a618 ("KVM: x86:
work around leak of uninitialized stack contents (CVE-2019-7222)").
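Review bot: The memset at the top of kvm_write_guest_virt_system treats the symptom rather than the cause, and the hunk carries no comment saying so; the defect described in the commit message is that the MMIO path below this function signals a fault without populating *exception, so the zeroing should be accompanied by a comment stating exactly that, otherwise a later reader sees an unexplained clear of an out-parameter and may remove it. Mirroring the comment Paolo added to kvm_read_guest_virt in 353c0956a618 keeps the two workarounds recognisably paired. The commit message should also say that the memset is unconditional and therefore changes behaviour for every caller of kvm_write_guest_virt_system, not only VMPTRST emulation; that is the intended effect (CR2 and error code are now deterministically zero on the fault path) but it deserves stating.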
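As an added illustration of the bug class the commit message describes, here is a simplified C model written for this note (not KVM code; the struct, helper names and the MMIO range are hypothetical stand-ins) that shows why an out-parameter left unfilled on an error path hands whatever was on the stack to the caller, and how the unconditional memset in the patch bounds that to zeros:

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for KVM's exception descriptor (not the kernel's definition). */
struct x86_exception {
    uint8_t  vector;
    uint16_t error_code;
    uint64_t address;          /* becomes CR2 when the fault is injected */
};

enum { EMUL_CONTINUE = 0, EMUL_PROPAGATE_FAULT = 1 };

/* Models a helper that reports a fault on the MMIO path but never populates
 * *exception, the pattern the commit message describes. Hypothetical. */
static int write_guest_virt_helper(uint64_t addr, struct x86_exception *exception)
{
    /* Constructed: treat this one page as MMIO. */
    if (addr >= 0xfee00000ull && addr < 0xfee01000ull)
        return EMUL_PROPAGATE_FAULT;        /* *exception left untouched */

    exception->vector = 0;
    exception->error_code = 0;
    exception->address = 0;
    return EMUL_CONTINUE;
}

/* Before the patch: the caller passes its stack struct straight through. */
static int write_guest_virt_system_before(uint64_t addr, struct x86_exception *exception)
{
    return write_guest_virt_helper(addr, exception);
}

/* After the patch: zero the struct first, so a fault carries CR2 = 0 and error code = 0
 * even when the helper does not fill it in. */
static int write_guest_virt_system_after(uint64_t addr, struct x86_exception *exception)
{
    memset(exception, 0, sizeof(*exception));
    return write_guest_virt_helper(addr, exception);
}

/* Fill the struct with a recognisable pattern standing in for stale stack bytes,
 * run one variant, and return the CR2 value that would be injected (0 if no fault). */
static uint64_t injected_cr2(int hardened, uint64_t addr)
{
    struct x86_exception e;
    memset(&e, 0xA5, sizeof(e));            /* constructed stand-in for leftover stack data */
    int rc = hardened ? write_guest_virt_system_after(addr, &e)
                      : write_guest_virt_system_before(addr, &e);
    return rc == EMUL_PROPAGATE_FAULT ? e.address : 0;
}

int main(void)
{
    printf("unhardened CR2 on MMIO fault: 0x%llx\n",
           (unsigned long long)injected_cr2(0, 0xfee00040ull));
    printf("hardened   CR2 on MMIO fault: 0x%llx\n",
           (unsigned long long)injected_cr2(1, 0xfee00040ull));
    return 0;
}
```

The 0xA5 fill is only a visible proxy for whatever an earlier call left on the stack; in the real kernel the leaked bytes are unpredictable, which is exactly why the workaround zeros the struct rather than trying to reason about its prior contents.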