From: Tom Roeder <tmroeder@google.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>
Cc: Liran Alon <liran.alon@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H . Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, Tom Roeder <tmroeder@google.com>,
	syzbot+ded1696f6b50b615b630@syzkaller.appspotmail.com
Subject: [RFC PATCH] kvm: x86/vmx: Use kzalloc for cached_vmcs12
Date: Mon, 14 Jan 2019 15:47:28 -0800
Message-ID: <20190114234728.49239-1-tmroeder@google.com>
In-Reply-To: <6f79d9be-fa76-3a06-2612-f44f3a18ece7@redhat.com>

This changes the allocation of cached_vmcs12 to use kzalloc instead of
kmalloc. This removes the information leak found by Syzkaller (see
Reported-by) in this case and prevents similar leaks from happening
based on cached_vmcs12.

The email from Syzkaller led to a discussion about a patch in early
November on the KVM list (I've made this a reply to that thread), but
the current upstream kernel still has kmalloc instead of kzalloc for
cached_vmcs12 and cached_shadow_vmcs12. This RFC proposes changing to
kzalloc for defense in depth.

Tested: rebuilt but not tested, since this is an RFC

Reported-by: syzbot+ded1696f6b50b615b630@syzkaller.appspotmail.com
Signed-off-by: Tom Roeder <tmroeder@google.com>
---
 arch/x86/kvm/vmx/nested.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 2616bd2c7f2c7..ad46667042c7a 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4140,11 +4140,11 @@ static int enter_vmx_operation(struct kvm_vcpu *vcpu)
 	if (r < 0)
 		goto out_vmcs02;
 
-	vmx->nested.cached_vmcs12 = kmalloc(VMCS12_SIZE, GFP_KERNEL);
+	vmx->nested.cached_vmcs12 = kzalloc(VMCS12_SIZE, GFP_KERNEL);
 	if (!vmx->nested.cached_vmcs12)
 		goto out_cached_vmcs12;
 
-	vmx->nested.cached_shadow_vmcs12 = kmalloc(VMCS12_SIZE, GFP_KERNEL);
+	vmx->nested.cached_shadow_vmcs12 = kzalloc(VMCS12_SIZE, GFP_KERNEL);
 	if (!vmx->nested.cached_shadow_vmcs12)
 		goto out_cached_shadow_vmcs12;
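Review bot: the "Tested: rebuilt but not tested" line leaves this hunk unverified; the two kmalloc -> kzalloc swaps at the `cached_vmcs12` and `cached_shadow_vmcs12` allocations are behaviourally simple, but please run the syzbot reproducer from the Reported-by line (or at least boot a nested guest) before dropping RFC, and state in the description which copy-out of these VMCS12_SIZE buffers exposed the uninitialized bytes, so reviewers can judge whether zeroing at allocation closes the leak or only narrows it. The error-path labels `out_cached_vmcs12` / `out_cached_shadow_vmcs12` are unchanged and still match the allocation order, so no further cleanup change is needed here.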
 
-- 
2.20.1.97.g81188d93c3-goog
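The mechanism the patch guards against, as an added example that is not part of the patch, the thread, or KVM's own code: a buffer is allocated at a fixed size, only a smaller header structure inside it is initialized, and the whole buffer is later copied out to guest memory. With a kmalloc-style allocator the tail past the header still carries whatever the heap held before; with a kzalloc-style allocator it is zero. All names below (`arena`, `demo_kmalloc`, `demo_kzalloc`, `struct demo_vmcs12`, `copy_to_guest`, `count_leaked`) are constructed for the demonstration; the static arena pre-filled with a recognisable byte stands in for recycled slab memory so the result is deterministic in userspace.

```c
/* Added example, not KVM code: why zeroing a partly-initialised buffer
 * at allocation time is the defence-in-depth choice when the buffer is
 * later copied out in full.  Names and the arena allocator are constructed
 * for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_VMCS12_SIZE 4096   /* same size as the patch's VMCS12_SIZE */
#define STALE_BYTE       0xAA   /* stands in for leftover heap contents */

/* Bump allocator over a static arena pre-filled with STALE_BYTE: it plays
 * the role of a slab whose pages still hold a previous user's data. */
static uint8_t arena[2 * DEMO_VMCS12_SIZE];
static size_t arena_used;

static void arena_reset(void)
{
    memset(arena, STALE_BYTE, sizeof(arena));
    arena_used = 0;
}

/* kmalloc-like: hands back memory with whatever was there before. */
static void *demo_kmalloc(size_t n)
{
    if (arena_used + n > sizeof(arena))
        return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* kzalloc-like: same allocation, but the whole block is zeroed. */
static void *demo_kzalloc(size_t n)
{
    void *p = demo_kmalloc(n);
    if (p)
        memset(p, 0, n);
    return p;
}

/* The part of the buffer the code actually fills in.  It stands in for a
 * header structure that is smaller than the allocation that holds it. */
struct demo_vmcs12 {
    uint32_t revision_id;
    uint32_t abort;
    uint64_t fields[16];
};

/* Initialise only the header, leaving the tail of the buffer untouched. */
static void init_header(void *buf)
{
    struct demo_vmcs12 *v = buf;
    v->revision_id = 1;
    v->abort = 0;
    memset(v->fields, 0, sizeof(v->fields));
}

/* Whole-size copy-out to a guest-visible page. */
static void copy_to_guest(uint8_t *guest_page, const void *buf)
{
    memcpy(guest_page, buf, DEMO_VMCS12_SIZE);
}

/* Count guest-visible bytes past the header that still carry the stale
 * pattern: every such byte is heap content the guest should never see. */
static size_t count_leaked(const uint8_t *guest_page)
{
    size_t leaked = 0;
    for (size_t i = sizeof(struct demo_vmcs12); i < DEMO_VMCS12_SIZE; i++)
        if (guest_page[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

/* Allocate / initialise header / copy out, using the given allocator, and
 * return how many stale bytes reached the guest page. */
static size_t leaked_bytes_with(void *(*alloc)(size_t))
{
    static uint8_t guest_page[DEMO_VMCS12_SIZE];
    arena_reset();
    void *cached = alloc(DEMO_VMCS12_SIZE);
    if (!cached)
        return (size_t)-1;
    init_header(cached);
    copy_to_guest(guest_page, cached);
    return count_leaked(guest_page);
}

int main(void)
{
    printf("kmalloc-style: %zu stale bytes reach the guest\n",
           leaked_bytes_with(demo_kmalloc));
    printf("kzalloc-style: %zu stale bytes reach the guest\n",
           leaked_bytes_with(demo_kzalloc));
    return 0;
}
```

The kmalloc-style run leaks every byte between the end of the header and the end of the allocation; the kzalloc-style run leaks none, regardless of what the copy-out routine does later. That is the "defense in depth" the commit message refers to: the zeroing does not depend on each copy path remembering to bound itself to the initialised portion.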

Thread overview: 16+ messages
2018-11-07  1:38 KMSAN: kernel-infoleak in kvm_vcpu_write_guest_page syzbot
2018-11-07 12:10 ` Alexander Potapenko
2018-11-07 12:47   ` Paolo Bonzini
2018-11-07 12:58     ` Liran Alon
2018-11-07 13:37       ` Paolo Bonzini
2019-01-14 23:47         ` Tom Roeder [this message]
2019-01-15  0:03           ` [RFC PATCH] kvm: x86/vmx: Use kzalloc for cached_vmcs12 Jim Mattson
2019-01-15  2:43           ` Sean Christopherson
2019-01-15 10:15             ` Paolo Bonzini
2019-01-23 18:25               ` Tom Roeder
2019-01-24  1:17                 ` Paolo Bonzini
2019-01-15 17:51             ` Tom Roeder
2019-01-23 18:33               ` Tom Roeder
2019-01-24  1:18                 ` Paolo Bonzini
2019-01-24 21:46                   ` Tom Roeder
2018-11-07 12:52   ` KMSAN: kernel-infoleak in kvm_vcpu_write_guest_page Liran Alon
