On 18.12.20 15:18, Claudio Imbrenda wrote:
The addresses in the SIE control block of the host should not be forwarded to the guest. They are only meaningful to the host, and moreover it would be a clear security issue.
It's really almost impossible for someone without access to documentation to understand what we leak. I assume we're leaking the g1 address of a page table (entry), used for translation of g2->g3 to g1. Can you try making that clearer?
In that case, it's pretty much a random number (of a random page used as a leave page table) and does not let g1 identify locations of symbols etc. If so, I don't think this is a "clear security issue" and suggest squashing this into the actual fix (#p4 I assume).
@Christian, @Janosch? Am I missing something?
Subsequent patches will actually put the right values in the guest SIE control block.
Fixes: a3508fbe9dc6d ("KVM: s390: vsie: initial support for nested virtualization") Cc: stable@vger.kernel.org Signed-off-by: Claudio Imbrenda imbrenda@linux.ibm.com
arch/s390/kvm/vsie.c | 5 ----- 1 file changed, 5 deletions(-)
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 4f3cbf6003a9..ada49583e530 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -416,11 +416,6 @@ static void unshadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) memcpy((void *)((u64)scb_o + 0xc0), (void *)((u64)scb_s + 0xc0), 0xf0 - 0xc0); break;
- case ICPT_PARTEXEC:
/* MVPG only */memcpy((void *)((u64)scb_o + 0xc0),(void *)((u64)scb_s + 0xc0), 0xd0 - 0xc0);break;if (scb_s->ihcpu != 0xffffU)