Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp551573ybe; Fri, 13 Sep 2019 02:12:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqwKzQF16BM8xeg4QQgmd1OYI1z7tUQpijGaoh6/6gQVq+qzyFjoWgN19/YxWSUeSQa5Qivr X-Received: by 2002:a05:6402:2d0:: with SMTP id b16mr48153491edx.147.1568365933854; Fri, 13 Sep 2019 02:12:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568365933; cv=none; d=google.com; s=arc-20160816; b=uSFXrD6cCHVJsWXGARaR74EVOFz+8DWRnO1MMnBaBiVjx3H6vY/cPPM/Lj5+IGgW5N JP9vgaq8QFMz/OUYTJk7YV5uqq1YaWP+SEVMfdjoQymDteciYbyxdUbL1X4G7F7Fv/3B jobTucoNSCVeP5qxbJi+mVLMswJ1EjBqGBlNuNXD3Udn01m3+qjTmEgFHomRjkyLDupN XKQWdxG3orPP/ZHQkYwc6xiWwfyRYs7B4l1zVtmeNmLDjwdW0XC2112fYE4MKgUS3YB0 Qk0n1LutAkAGJoh2P9IRIhoNT8HSfAeLCAEedef0B6O5ceuPzYDzKddVG6pdthR7z1ib 5qsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:openpgp:from:references:cc:to:subject; bh=Qe4KPycV+UzlvJmLvwk1EReg91l2Z/bcR8TGK9fZmqA=; b=GsJOKT7FpcpPdUR0IT7bqzSgXzmQ9g35rpZUk107D8hJ4scNA9/EhaDDEmeGZr8g+f E88eAkcWabq9Jhu1ij6UouhhnCkkG9nEtboJDVSaONmBY8l0Jxj1WQ/QDPwr3YpAjwZJ /mgJ3WmGolg7vsm7jIsZm85HMk+q+94jeAGOeINFOxWLHPX07r3+Q1ZDZijgD9zMqHIv GHLHLqnM7xKhtEJbm0y4nu8Tdorfdqjh94JGlw2t/8dAxPW/bKCzvdnuXacTMACxhiDw O7UMqBwqXyScbBd0hz4nAiIjrCNwZIzD7E6IK20L0PwYcitk+INLBjxBQ3wu91/fzvqG G+fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o46si17574045edc.124.2019.09.13.02.11.50; Fri, 13 Sep 2019 02:12:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387907AbfIMJHn (ORCPT + 99 others); Fri, 13 Sep 2019 05:07:43 -0400 Received: from mx1.redhat.com ([209.132.183.28]:41708 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387897AbfIMJHn (ORCPT ); Fri, 13 Sep 2019 05:07:43 -0400 Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 76A79C007359 for ; Fri, 13 Sep 2019 09:07:42 +0000 (UTC) Received: by mail-wm1-f71.google.com with SMTP id m6so1084540wmf.2 for ; Fri, 13 Sep 2019 02:07:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Qe4KPycV+UzlvJmLvwk1EReg91l2Z/bcR8TGK9fZmqA=; b=Xto4HsPxfcq/bblFFMnSQSaTkzYeHVso+1Qv8q0EeFkcZPJbbjrGbyBUsUl0Us1eMZ 3pD8i0QGDuxjeqEcUwFi4YXzB4bBqWaSy/vbefstNCsUO4Dx9Pp7bQb3hT1P+8wxHn6h Qj5sn8qqv7Ha23c6mRVjTL6Wjb8zTKepMsT0PWwwU0KA51Q3nwMr+S7iy145bqBWXPid qWaykTYk0Yhr3q0NqdJKCZzrudvaxwv/xizAhU4qBD8KN5ldGY60EBU8teC3HmKeR6e9 IuXS51fhIfKtLA6/zKkhZg0SZVyKL2Xg9Cv3t2fEem2s8o35iZClBrYhOBMNHHzRl8sr dSww== X-Gm-Message-State: APjAAAXXKH/OlD8sDkd+LPJx6gFNvvp8zc0U3zi7GuCxQw/6d9ghte0O c5IQWs2Nv2kcAYqnDksdEaiu0Z9fiUtAt7XMHUzqXufmZUn8CJg4/Ii4G3vv6VSCrYMNjsH7R2b Yj7wS9XyXBfi7zvUtlJIHec66 X-Received: by 2002:a5d:4146:: with SMTP id c6mr18435476wrq.205.1568365661020; Fri, 13 Sep 2019 02:07:41 -0700 (PDT) X-Received: by 2002:a5d:4146:: with SMTP id c6mr18435449wrq.205.1568365660691; Fri, 13 Sep 2019 02:07:40 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:3166:d768:e1a7:aab8? ([2001:b07:6468:f312:3166:d768:e1a7:aab8]) by smtp.gmail.com with ESMTPSA id n4sm1784880wmd.45.2019.09.13.02.07.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 13 Sep 2019 02:07:40 -0700 (PDT) Subject: Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents To: Sean Christopherson , Jim Mattson Cc: Fuqian Huang , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , the arch/x86 maintainers , kvm list , LKML References: <20190912041817.23984-1-huangfq.daxian@gmail.com> <20190912235205.GA6588@linux.intel.com> From: Paolo Bonzini Openpgp: preference=signencrypt Message-ID: <5916292d-a687-5890-6012-054c34cccda7@redhat.com> Date: Fri, 13 Sep 2019 11:07:40 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190912235205.GA6588@linux.intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 13/09/19 01:52, Sean Christopherson wrote: >>> >> Perhaps you could also add a comment like the one Paolo added when he >> made the same change in kvm_read_guest_virt? >> See commit 353c0956a618 ("KVM: x86: work around leak of uninitialized >> stack contents (CVE-2019-7222)"). > I have a better hack-a-fix, we can handle the unexpected MMIO using master > abort semantics, i.e. reads return all ones, writes are dropped. It's not > 100% correct as KVM won't handle the case where the address is legit MMIO, > but it's at least sometimes correct and thus better than a #PF. That's still hacky though. I agree with Jim that KVM_EXIT_INTERNAL_ERROR is basically "math is hard, let's go shopping" but it's better than making up our own behavior (of either the chipset or the processor). I'll add the comment and commit Fuqiang's patch. Paolo