Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents

From: Paolo Bonzini
Date: Fri Sep 13 2019 - 05:07:45 EST

Next message: Colin King: "[PATCH] qed: fix spelling mistake "fullill" -> "fulfill""
Previous message: Christian Brauner: "Re: [PATCH v2] fork: check exit_signal passed in clone3() call"
In reply to: Sean Christopherson: "Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13/09/19 01:52, Sean Christopherson wrote:
>>>
>> Perhaps you could also add a comment like the one Paolo added when he
>> made the same change in kvm_read_guest_virt?
>> See commit 353c0956a618 ("KVM: x86: work around leak of uninitialized
>> stack contents (CVE-2019-7222)").
> I have a better hack-a-fix, we can handle the unexpected MMIO using master
> abort semantics, i.e. reads return all ones, writes are dropped. It's not
> 100% correct as KVM won't handle the case where the address is legit MMIO,
> but it's at least sometimes correct and thus better than a #PF.

That's still hacky though. I agree with Jim that
KVM_EXIT_INTERNAL_ERROR is basically "math is hard, let's go shopping"
but it's better than making up our own behavior (of either the chipset
or the processor).

I'll add the comment and commit Fuqiang's patch.

Paolo

Next message: Colin King: "[PATCH] qed: fix spelling mistake "fullill" -> "fulfill""
Previous message: Christian Brauner: "Re: [PATCH v2] fork: check exit_signal passed in clone3() call"
In reply to: Sean Christopherson: "Re: [PATCH] KVM: x86: work around leak of uninitialized stack contents"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]