[PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache

[PATCH v2 00/63] Introduce strict memcpy() bounds checking · Kees Cook <hidden> · 2021-08-18
[PATCH v2 01/63] ipw2x00: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 02/63] net/mlx5e: Avoid field-overflowing memcpy() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning · Kees Cook <hidden> · 2021-08-18
[PATCH v2 03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() · Kees Cook <hidden> · 2021-08-18
[PATCH v2 05/63] stddef: Introduce struct_group() helper macro · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 05/63] stddef: Introduce struct_group() helper macro · Dan Williams <hidden> · 2021-08-18
[PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2021-09-01
[PATCH v2 08/63] bnxt_en: Use struct_group_attr() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 06/63] cxl/core: Replace unions with struct_group() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 06/63] cxl/core: Replace unions with struct_group() · Dan Williams <hidden> · 2021-08-18
[PATCH v2 09/63] mwl8k: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 10/63] libertas: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 13/63] iommu/amd: Use struct_group() for memcpy() region · Joerg Roedel <joro@8bytes.org> · 2021-08-18
[PATCH v2 14/63] cxgb3: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · "Rafael J. Wysocki" <rafael@kernel.org> · 2021-11-23
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> · 2021-11-23
Re: [PATCH v2 12/63] thermal: intel: int340x_thermal: Use struct_group() for memcpy() region · "Rafael J. Wysocki" <rafael@kernel.org> · 2021-11-24
[PATCH v2 11/63] libertas_tf: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 29/63] fortify: Fix dropped strcpy() compile-time write overflow check · Kees Cook <hidden> · 2021-08-18
[PATCH v2 23/63] media: omap3isp: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 34/63] fortify: Detect struct member overflows in memcpy() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 30/63] fortify: Prepare to improve strnlen() and strlen() warnings · Kees Cook <hidden> · 2021-08-18
[PATCH v2 31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths · Kees Cook <hidden> · 2021-08-18
[PATCH v2 28/63] fortify: Explicitly disable Clang support · Kees Cook <hidden> · 2021-08-18
[PATCH v2 36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp · Kees Cook <hidden> · 2021-08-18
[PATCH v2 24/63] sata_fsl: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 35/63] fortify: Detect struct member overflows in memmove() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing members/padding · Kees Cook <hidden> · 2021-08-18
[PATCH v2 42/63] net: dccp: Use memset_startat() for TP zeroing · Kees Cook <hidden> · 2021-08-18
[PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions · Marc Kleine-Budde <mkl@pengutronix.de> · 2021-08-18
[PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region · Karsten Graul <hidden> · 2021-09-09
[PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header · Alexander Shishkin <alexander.shishkin@linux.intel.com> · 2021-08-24
[PATCH v2 63/63] fortify: Work around Clang inlining bugs · Kees Cook <hidden> · 2021-08-18
[PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Christophe Leroy <hidden> · 2021-08-18
Re: [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow · Kees Cook <hidden> · 2021-08-18
[PATCH v2 62/63] fortify: Detect struct member overflows in memset() at compile-time · Kees Cook <hidden> · 2021-08-18
[PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Sean Christopherson <seanjc@google.com> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Sean Christopherson <seanjc@google.com> · 2021-08-18
Re: [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache · Kees Cook <hidden> · 2021-08-18
[PATCH v2 17/63] bnx2x: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 19/63] staging: wlan-ng: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Lazar, Lijo <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Lazar, Lijo <hidden> · 2021-08-19
Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-19
[PATCH v2 46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl · Kees Cook <hidden> · 2021-08-18
[PATCH v2 38/63] xfrm: Use memset_after() to clear padding · Kees Cook <hidden> · 2021-08-18
[PATCH v2 39/63] ipv6: Use memset_after() to zero rt6_info · Kees Cook <hidden> · 2021-08-18
[PATCH v2 26/63] lib/string: Move helper functions out of string.c · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 26/63] lib/string: Move helper functions out of string.c · Andy Shevchenko <andriy.shevchenko@linux.intel.com> · 2021-08-18
[PATCH v2 48/63] IB/mthca: Use memset_startat() for clearing mpt_entry · Kees Cook <hidden> · 2021-08-18
[PATCH v2 51/63] drbd: Use struct_group() to zero algs · Kees Cook <hidden> · 2021-08-18
[PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h · Francis Laniel <hidden> · 2021-08-18
[PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() · Miguel Ojeda <hidden> · 2021-08-18
[PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Steven Rostedt <rostedt@goodmis.org> · 2021-08-18
Re: [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator · Kees Cook <hidden> · 2021-08-18
[PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Johannes Berg <johannes@sipsolutions.net> · 2021-08-18
Re: [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status · Kees Cook <hidden> · 2021-08-18
[PATCH v2 15/63] intersil: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 16/63] cxgb4: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-19
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Jason Gunthorpe <jgg@ziepe.ca> · 2021-08-20
Re: [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr · Kees Cook <hidden> · 2021-08-20
[PATCH v2 20/63] drm/mga/mga_ioc32: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 41/63] net: 802: Use memset_startat() to clear struct fields · Kees Cook <hidden> · 2021-08-18
[PATCH v2 43/63] net: qede: Use memset_startat() for counters · Kees Cook <hidden> · 2021-08-18
[PATCH v2 40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn · Kees Cook <hidden> · 2021-08-18
[PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · Nikolay Borisov <hidden> · 2021-08-18
Re: [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct · David Sterba <hidden> · 2021-08-18
[PATCH v2 54/63] dm integrity: Use struct_group() to zero struct journal_sector · Kees Cook <hidden> · 2021-08-18
[PATCH v2 52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 58/63] ethtool: stats: Use struct_group() to clear all stats at once · Kees Cook <hidden> · 2021-08-18
[PATCH v2 32/63] fortify: Add compile-time FORTIFY_SOURCE tests · Kees Cook <hidden> · 2021-08-18
[PATCH v2 33/63] lib: Introduce CONFIG_TEST_MEMCPY · Kees Cook <hidden> · 2021-08-18
[PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event · Jiri Kosina <jikos@kernel.org> · 2021-08-20
[PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Jiri Kosina <jikos@kernel.org> · 2021-08-20
Re: [PATCH v2 22/63] HID: cp2112: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-20
[PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Kees Cook <hidden> · 2021-08-18
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Christophe Leroy <hidden> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Kees Cook <hidden> · 2021-08-20
Re: [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs · Michael Ellerman <mpe@ellerman.id.au> · 2021-08-23
[PATCH v2 21/63] net/mlx5e: Use struct_group() for memcpy() region · Kees Cook <hidden> · 2021-08-18
[PATCH v2 45/63] ath11k: Use memset_startat() for clearing queue descriptors · Kees Cook <hidden> · 2021-08-18

STALE1678d

Revisions (2)

2021-07-27 v1 [diff vs current]
2021-08-18 v2 current

From: Kees Cook <hidden>
Date: 2021-08-18 06:15:51
Also in: dri-devel, kvm, linux-hardening, linux-kbuild, linux-staging, linux-wireless, lkml, netdev
Subsystem: kernel virtual machine for x86 (kvm/x86), the rest, x86 architecture (32-bit and 64-bit) · Maintainers: Sean Christopherson, Paolo Bonzini, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.

Add struct_group() to mark region of struct x86_emulate_ctxt that should
be initialized to zero.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Wanpeng Li <redacted>
Cc: Jim Mattson <redacted>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Thomas Gleixner <redacted>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: x86@kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: kvm@vger.kernel.org
Signed-off-by: Kees Cook <redacted>
---
 arch/x86/kvm/emulate.c     |  3 +--
 arch/x86/kvm/kvm_emulate.h | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 2837110e66ed..2608a047e769 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c

@@ -5377,8 +5377,7 @@ static int fastop(struct x86_emulate_ctxt *ctxt, fastop_t fop)
 
 void init_decode_cache(struct x86_emulate_ctxt *ctxt)
 {
-	memset(&ctxt->rip_relative, 0,
-	       (void *)&ctxt->modrm - (void *)&ctxt->rip_relative);
+	memset(&ctxt->decode_cache, 0, sizeof(ctxt->decode_cache));
 
 	ctxt->io_read.pos = 0;
 	ctxt->io_read.end = 0;

diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h
index 68b420289d7e..9b8afcb8ad39 100644
--- a/arch/x86/kvm/kvm_emulate.h
+++ b/arch/x86/kvm/kvm_emulate.h

@@ -341,14 +341,17 @@ struct x86_emulate_ctxt {
 	 * the rest are initialized unconditionally in x86_decode_insn
 	 * or elsewhere
 	 */
-	bool rip_relative;
-	u8 rex_prefix;
-	u8 lock_prefix;
-	u8 rep_prefix;
-	/* bitmaps of registers in _regs[] that can be read */
-	u32 regs_valid;
-	/* bitmaps of registers in _regs[] that have been written */
-	u32 regs_dirty;
+	struct_group(decode_cache,
+		bool rip_relative;
+		u8 rex_prefix;
+		u8 lock_prefix;
+		u8 rep_prefix;
+		/* bitmaps of registers in _regs[] that can be read */
+		u32 regs_valid;
+		/* bitmaps of registers in _regs[] that have been written */
+		u32 regs_dirty;
+	);
+
 	/* modrm */
 	u8 modrm;
 	u8 modrm_mod;

-- 
2.30.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help