Date: Wed, 18 Aug 2021 16:06:39 -0700
From: Kees Cook
To: Sean Christopherson
Cc: linux-kernel@vger.kernel.org, Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin", kvm@vger.kernel.org, "Gustavo A. R. Silva", Greg Kroah-Hartman, Andrew Morton, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com, Rasmus Villemoes, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache
Message-ID: <202108181605.44C504C@keescook>
References: <20210818060533.3569517-1-keescook@chromium.org> <20210818060533.3569517-54-keescook@chromium.org> <202108180922.6C9E385A1@keescook>
In-Reply-To:
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, Aug 18, 2021 at 10:53:58PM +0000, Sean Christopherson wrote:
> On Wed, Aug 18, 2021, Kees Cook wrote:
> > On Wed, Aug 18, 2021 at 03:11:28PM +0000, Sean Christopherson wrote:
> > > From dbdca1f4cd01fee418c252e54c360d518b2b1ad6 Mon Sep 17 00:00:00 2001
> > > From: Sean Christopherson
> > > Date: Wed, 18 Aug 2021 08:03:08 -0700
> > > Subject: [PATCH] KVM: x86: Replace memset() "optimization" with normal per-field writes
> > >
> > > Explicitly zero select fields in the emulator's decode cache instead of
> > > zeroing the fields via a gross memset() that spans six fields. gcc and
> > > clang are both clever enough to batch the first five fields into a single
> > > quadword MOV, i.e. memset() and individually zeroing generate identical
> > > code.
> > >
> > > Removing the wart also prepares KVM for FORTIFY_SOURCE performing
> > > compile-time and run-time field bounds checking for memset().
> > >
> > > No functional change intended.
> > >
> > > Reported-by: Kees Cook
> > > Signed-off-by: Sean Christopherson
> >
> > Reviewed-by: Kees Cook
> >
> > Do you want me to take this patch into my tree, or do you want to carry
> > it for KVM directly?
>
> That's a Paolo question :-)
>
> What's the expected timeframe for landing stricter bounds checking? If it's
> 5.16 or later, the easiest thing would be to squeak this into 5.15.

I'm hoping to land all the "compile time" stuff for 5.15, but
realistically, some portions may not get there. I'll just carry this
patch for now and if we need to swap trees we can do that. :)

Thanks!

-Kees

-- 
Kees Cook
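Added here as an illustration of the trade-off the quoted commit message describes, not code from this thread, from KVM, or from the struct_group() series: a constructed six-field cache, a sizeof()-based stand-in for the FORTIFY_SOURCE field bounds check, and the three ways of resetting the fields (the spanning memset(), explicit per-field writes, and a hand-written struct_group()-style union). The field names, the union layout and the check macro are all assumptions, not the real decode cache.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (not KVM's real decode cache): six per-instruction
 * fields between two that must survive a reset. The union hand-writes
 * struct_group(): same members anonymous, and again as member `reset`. */
struct decode_cache {
	uint64_t before;
	union {
		struct { bool flag; uint8_t rex, lock, rep; uint32_t modrm; uint64_t eip; };
		struct { bool flag; uint8_t rex, lock, rep; uint32_t modrm; uint64_t eip; } reset;
	};
	uint64_t after;
};

/* Stand-in for FORTIFY_SOURCE's memset() field bounds check (sizeof in place
 * of __builtin_object_size): the fill must fit inside the member it targets. */
#define ZERO_FIELD_CHECKED(obj, field, len) \
	((len) <= sizeof((obj)->field) ? (memset(&(obj)->field, 0, (len)), 0) : -1)

/* Before: one memset() addressed to the first field but spanning all six;
 * its length exceeds sizeof(flag), so the check refuses it. */
int reset_spanning_memset(struct decode_cache *c) {
	size_t span = offsetof(struct decode_cache, eip) + sizeof(c->eip)
		      - offsetof(struct decode_cache, flag);
	return ZERO_FIELD_CHECKED(c, flag, span);
}
/* After (this patch): explicit per-field writes, nothing to bounds-check. */
int reset_per_field(struct decode_cache *c) {
	c->flag = false; c->rex = 0; c->lock = 0; c->rep = 0; c->modrm = 0; c->eip = 0;
	return 0;
}
/* struct_group() route: `reset` is one member sized to exactly the six
 * fields, so the same check accepts a single memset() over it. */
int reset_group(struct decode_cache *c) {
	return ZERO_FIELD_CHECKED(c, reset, sizeof(c->reset));
}
/* Poison all bytes, reset once, report whether exactly the six fields are 0. */
bool reset_exact(int (*reset)(struct decode_cache *)) {
	struct decode_cache c;
	const uint8_t *p = (const uint8_t *)&c;
	size_t lo = offsetof(struct decode_cache, reset), hi = lo + sizeof(c.reset);
	memset(&c, 0xA5, sizeof(c));
	if (reset(&c) != 0) return false;
	for (size_t i = 0; i < sizeof(c); i++)
		if (p[i] != (i >= lo && i < hi ? 0 : 0xA5)) return false;
	return true;
}
```

The per-field and grouped resets clear exactly the six fields and leave the neighbours intact; the spanning memset() is refused by the check because its length exceeds the single member it is addressed to.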