From patchwork Thu Oct 26 13:45:46 2017
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 10028273
From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Christoffer Dall, Marc Zyngier, Christian Borntraeger, Cornelia Huck, James Hogan, Paul Mackerras, kernel-hardening@lists.openwall.com, Kees Cook, Christian Borntraeger, Christoffer Dall, Radim Krčmář
Date: Thu, 26 Oct 2017 15:45:46 +0200
Message-Id: <20171026134547.23664-2-pbonzini@redhat.com>
X-Mailer: git-send-email 2.14.2
In-Reply-To: <20171026134547.23664-1-pbonzini@redhat.com>
References: <20171026134547.23664-1-pbonzini@redhat.com>
MIME-Version: 1.0
Subject: [kernel-hardening] [PATCH 1/2] kvm: whitelist struct kvm_vcpu_arch
X-Virus-Scanned: ClamAV using ClamSMTP

On x86, ARM and s390, struct kvm_vcpu_arch has a usercopy region that
is read and written by the KVM_GET/SET_CPUID2 ioctls (x86) or
KVM_GET/SET_ONE_REG (ARM/s390). Without whitelisting the area, KVM is
completely broken on those architectures with usercopy hardening enabled.

For now, allow writing to the entire struct on all architectures.
The KVM tree will not refine this to an architecture-specific subset
of struct kvm_vcpu_arch.

Cc: kernel-hardening@lists.openwall.com
Cc: Kees Cook
Cc: Christian Borntraeger
Cc: Christoffer Dall
Cc: Radim Krčmář
Signed-off-by: Paolo Bonzini
Acked-by: Cornelia Huck
Acked-by: Christoffer Dall
Acked-by: Marc Zyngier
Acked-by: Christian Borntraeger
---
 virt/kvm/kvm_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 4d81f6ded88e..b4809ccfdfa1 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4005,8 +4005,12 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, /* A kmem cache lets us meet the alignment requirements of fx_save. */ if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); - kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, - 0, NULL); + kvm_vcpu_cache = + kmem_cache_create_usercopy("kvm_vcpu", + sizeof(struct kvm_vcpu), vcpu_align, + 0, offsetof(struct kvm_vcpu, arch), + sizeof_field(struct kvm_vcpu, arch), + NULL); if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3;
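Review bot: The new kmem_cache_create_usercopy() call silently changes the object size: the removed line allocated `vcpu_size`-byte objects, but the added lines pass `sizeof(struct kvm_vcpu)` even though kvm_init() still takes `unsigned vcpu_size` for exactly that purpose. Any architecture that passes a larger arch-specific structure embedding struct kvm_vcpu as its first member would now get undersized slab objects, and every access beyond the embedded struct becomes an out-of-bounds write into neighbouring slab memory, which is the opposite of what a hardening patch should do. Keep `vcpu_size` as the size argument; the whitelist bounds `offsetof(struct kvm_vcpu, arch)` and `sizeof_field(struct kvm_vcpu, arch)` do not depend on it and can stay as written. It would also help to note in a comment that the whitelist deliberately spans all of `arch` for now, matching the commit message.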