On Wed, 2019-02-20 at 20:15 +0000, Joao Martins wrote: > +static int kvm_xen_shared_info_init(struct kvm *kvm, gfn_t gfn) > +{ > + struct shared_info *shared_info; > + struct page *page; > + > + page = gfn_to_page(kvm, gfn); > + if (is_error_page(page)) > + return -EINVAL; > + > + kvm->arch.xen.shinfo_addr = gfn; > + > + shared_info = page_to_virt(page); > + memset(shared_info, 0, sizeof(struct shared_info)); > + kvm->arch.xen.shinfo = shared_info; > + return 0; > +} > + Hm. How come we get to pin the page and directly dereference it every time, while kvm_setup_pvclock_page() has to use kvm_write_guest_cached() instead? If that was allowed, wouldn't it have been a much simpler fix for CVE-2019-3016? What am I missing? Should I rework these to use kvm_write_guest_cached()?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature