
Re: [Xen-devel] [PATCH L1TF MDS GT v1 3/3] common/grant_table: harden version dependent accesses


  • To: Norbert Manthey <nmanthey@xxxxxxxxx>
  • From: Jan Beulich <JBeulich@xxxxxxxx>
  • Date: Wed, 10 Jul 2019 03:12:35 +0000
  • Accept-language: en-US
  • Cc: Juergen Gross <JGross@xxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, IanJackson <Ian.Jackson@xxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Martin Pohlack <mpohlack@xxxxxxxxx>, "wipawel@xxxxxxxxx" <wipawel@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, "Martin Mazein\(amazein\)" <amazein@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bjoern Doebel <doebel@xxxxxxxxx>
  • Delivery-date: Wed, 10 Jul 2019 03:13:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [Xen-devel] [PATCH L1TF MDS GT v1 3/3] common/grant_table: harden version dependent accesses

On 08.07.2019 15:53, Norbert Manthey wrote:
> On 5/23/19 17:01, Jan Beulich wrote:
>>>>> On 21.05.19 at 09:45, <nmanthey@xxxxxxxxx> wrote:
>>>   * gnttab_set_version: all accessible data is allocated for both versions
>> This is not enough for my taste: The very first loop is safe only
>> because nr_grant_entries() is. And speculating into
>> gnttab_unpopulate_status_frames() doesn't look safe at all, as
>> gt->status[i] may be NULL.
> So, you basically want to see a block_speculation() at the beginning of
> the function gnttab_populate_status_frames and
> gnttab_unpopulate_status_frames? I do not claim to protect against
> speculative out-of-bound accesses that are caused by the for loop in
> gnttab_set_version.

The point isn't the loop, but the fact that by mis-speculating through
the two conditions before the function call a NULL gt->status[0] may
get accessed, entirely independent of this being a loop or just a
singular access.

Jan
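As an added illustration of the pattern the two replies argue about (this is a constructed model, not Xen's grant-table code): the architectural checks alone do not stop a mis-predicted path from dereferencing a NULL gt->status[frame], so the barrier goes after both checks and before the first pointer dereference. It goes slightly beyond the thread by also clamping the frame index before the status[] pointer load; the struct layout, GT_STATUS_PER_FRAME, index_nospec() and the lfence stand-in for block_speculation() are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the fields under discussion; not Xen's struct grant_table. */
typedef uint16_t grant_status_t;
struct grant_table {
    unsigned int gt_version;        /* 1 or 2 */
    unsigned int nr_status_frames;  /* length of status[] */
    grant_status_t **status;        /* status[frame] is NULL until populated */
};

/* Stand-in for Xen's block_speculation(): lfence on x86, compiler barrier elsewhere. */
#if defined(__x86_64__) || defined(__i386__)
#define block_speculation() __asm__ __volatile__("lfence" ::: "memory")
#else
#define block_speculation() __asm__ __volatile__("" ::: "memory")
#endif

/* Branch-free clamp in the style of Linux's generic array_index_mask_nospec():
 * mask is all ones when idx < size and zero otherwise, so a mis-predicted
 * bounds check still yields an in-range index. */
static inline size_t index_nospec(size_t idx, size_t size)
{
    long mask = ~(long)(idx | (size - 1UL - idx)) >> (sizeof(long) * 8 - 1);
    return idx & (size_t)mask;
}

#define GT_STATUS_PER_FRAME 8  /* assumed entries per status frame */

/* Returns the status entry, or -1 if it is not accessible. */
int read_status_entry(const struct grant_table *gt, size_t entry)
{
    size_t frame = entry / GT_STATUS_PER_FRAME;

    if (gt->gt_version != 2 || frame >= gt->nr_status_frames)
        return -1;
    frame = index_nospec(frame, gt->nr_status_frames); /* safe pointer load */
    if (gt->status[frame] == NULL)
        return -1;
    /* Both checks passed architecturally; a mis-predicted path could still
     * reach here with status[frame] == NULL, hence the barrier before use. */
    block_speculation();
    return gt->status[frame][entry % GT_STATUS_PER_FRAME];
}

/* Constructed sample: two status frames, frame 0 populated with i*3, frame 1 NULL. */
int sample_read(unsigned int version, size_t entry)
{
    grant_status_t frame0[GT_STATUS_PER_FRAME];
    grant_status_t *frames[2] = { frame0, NULL };
    struct grant_table gt = { version, 2, frames };
    for (size_t i = 0; i < GT_STATUS_PER_FRAME; i++)
        frame0[i] = (grant_status_t)(i * 3);
    return read_status_entry(&gt, entry);
}
```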
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
