Sean Christopherson <sean.j.christopherson@xxxxxxxxx> writes:
> Shuffle a few operand structs to the end of struct x86_emulate_ctxt and
> update the cache creation to whitelist only the region of the emulation
> context that is expected to be copied to/from user memory, e.g. the
> instruction operands, registers, and fetch/io/mem caches.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
> arch/x86/kvm/kvm_emulate.h | 8 +++++---
> arch/x86/kvm/x86.c | 12 ++++++------
> 2 files changed, 11 insertions(+), 9 deletions(-)
>
> diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h
> index 2f0a600efdff..82f712d5c692 100644
> --- a/arch/x86/kvm/kvm_emulate.h
> +++ b/arch/x86/kvm/kvm_emulate.h
> @@ -322,9 +322,6 @@ struct x86_emulate_ctxt {
> u8 intercept;
> u8 op_bytes;
> u8 ad_bytes;
> - struct operand src;
> - struct operand src2;
> - struct operand dst;
> int (*execute)(struct x86_emulate_ctxt *ctxt);
> int (*check_perm)(struct x86_emulate_ctxt *ctxt);
> /*
> @@ -349,6 +346,11 @@ struct x86_emulate_ctxt {
> u8 seg_override;
> u64 d;
> unsigned long _eip;
> +
> + /* Here begins the usercopy section. */
> + struct operand src;
> + struct operand src2;
> + struct operand dst;

Out of pure curiosity, how certain are we that this is going to be enough for userspaces?

> struct operand memop;
> /* Fields above regs are cleared together. */
> unsigned long _regs[NR_VCPU_REGS];
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 370af9fe0f5b..e1eaca65756b 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
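Review bot: The usercopy section that the new `/* Here begins the usercopy section. */` comment introduces has no marked end: the x86.c hunk sizes the region as `size - useroffset`, so every field from `src` to the end of `struct x86_emulate_ctxt` is whitelisted for hardened-usercopy copies, and any field appended to the struct later silently becomes user-copyable as well. The comment only says where the section starts; I would extend it to `/* Here begins the usercopy section: everything from here to the end of the struct is whitelisted by kvm_alloc_emulator_cache(), so fields that must never be copied to/from user memory go above this line. */`. The same layout coupling deserves a sentence at the `useroffset` computation in the x86.c hunk, e.g. `/* Whitelist [src, end of struct) for usercopy; keep in sync with the layout comment in kvm_emulate.h. */`. The struct definition begins and ends outside the hunk.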
> @@ -235,13 +235,13 @@ static struct kmem_cache *x86_emulator_cache;
>
> static struct kmem_cache *kvm_alloc_emulator_cache(void)
> {
> - return kmem_cache_create_usercopy("x86_emulator",
> - sizeof(struct x86_emulate_ctxt),
> + unsigned int useroffset = offsetof(struct x86_emulate_ctxt, src);
> + unsigned int size = sizeof(struct x86_emulate_ctxt);
> +
> + return kmem_cache_create_usercopy("x86_emulator", size,
> __alignof__(struct x86_emulate_ctxt),
> - SLAB_ACCOUNT,
> - 0,
> - sizeof(struct x86_emulate_ctxt),
> - NULL);
> + SLAB_ACCOUNT, useroffset,
> + size - useroffset, NULL);
> }
>
> static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt);

-- Vitaly