Re: compiler.h:417:38: error: call to '__compiletime_assert_59' declared with attribute error: BUILD_BUG_ON failed: sizeof(_i) > sizeof(long)

On Sun, 13 Jun 2021 at 20:35, Greg Kroah-Hartman
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, Jun 13, 2021 at 08:25:19PM +0530, Naresh Kamboju wrote:
> > The following error was noticed on stable-rc 5.12, 5.10, 5.4, 4.19,
> > 4.14, 4.9 and 4.4
> > for i386 and arm.
> >
> > make --silent --keep-going --jobs=8
> > O=/home/tuxbuild/.cache/tuxmake/builds/current ARCH=arm
> > CROSS_COMPILE=arm-linux-gnueabihf- 'CC=sccache
> > arm-linux-gnueabihf-gcc' 'HOSTCC=sccache gcc'
> > In file included from /builds/linux/include/linux/kernel.h:11,
> >                  from /builds/linux/include/linux/list.h:9,
> >                  from /builds/linux/include/linux/preempt.h:11,
> >                  from /builds/linux/include/linux/hardirq.h:5,
> >                  from /builds/linux/include/linux/kvm_host.h:7,
> >                  from
> > /builds/linux/arch/arm/kvm/../../../virt/kvm/kvm_main.c:18:
> > In function '__gfn_to_hva_memslot',
> >     inlined from '__gfn_to_hva_many.part.6' at
> > /builds/linux/arch/arm/kvm/../../../virt/kvm/kvm_main.c:1446:9,
> >     inlined from '__gfn_to_hva_many' at
> > /builds/linux/arch/arm/kvm/../../../virt/kvm/kvm_main.c:1434:22:
> > /builds/linux/include/linux/compiler.h:417:38: error: call to
> > '__compiletime_assert_59' declared with attribute error: BUILD_BUG_ON
> > failed: sizeof(_i) > sizeof(long)
> >   _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
> >                                       ^
> > Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>
> >
> > ref:
> > https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc/-/jobs/1342604370#L389
>
> Odd.  Does Linus's tree have this problem?
>
> The only arm changes were in arch/arm/include/asm/cpuidle.h in the tree
> right now.  There are some kvm changes, but they are tiny...
>
> Can you bisect this?

The bisect script is pointing to:

commit 1aa1b47db53e0a66899d63103b3ac1d7f54816bc
Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date:   Tue Jun 8 15:31:42 2021 -0400

    kvm: avoid speculation-based attacks from out-of-range memslot accesses

    commit da27a83fd6cc7780fea190e1f5c19e87019da65c upstream.

    KVM's mechanism for accessing guest memory translates a guest physical
    address (gpa) to a host virtual address using the right-shifted gpa
    (also known as gfn) and a struct kvm_memory_slot.  The translation is
    performed in __gfn_to_hva_memslot using the following formula:

          hva = slot->userspace_addr + (gfn - slot->base_gfn) * PAGE_SIZE

    It is expected that gfn falls within the boundaries of the guest's
    physical memory.  However, a guest can access invalid physical addresses
    in such a way that the gfn is invalid.

    __gfn_to_hva_memslot is called from kvm_vcpu_gfn_to_hva_prot, which first
    retrieves a memslot through __gfn_to_memslot.  While __gfn_to_memslot
    does check that the gfn falls within the boundaries of the guest's
    physical memory or not, a CPU can speculate the result of the check and
    continue execution speculatively using an illegal gfn. The speculation
    can result in calculating an out-of-bounds hva.  If the resulting host
    virtual address is used to load another guest physical address, this
    is effectively a Spectre gadget consisting of two consecutive reads,
    the second of which is data dependent on the first.

    Right now it's not clear if there are any cases in which this is
    exploitable.  One interesting case was reported by the original author
    of this patch, and involves visiting guest page tables on x86.  Right
    now these are not vulnerable because the hva read goes through get_user(),
    which contains an LFENCE speculation barrier.  However, there are
    patches in progress for x86 uaccess.h to mask kernel addresses instead of
    using LFENCE; once these land, a guest could use speculation to read
    from the VMM's ring 3 address space.  Other architectures such as ARM
    already use the address masking method, and would be susceptible to
    this same kind of data-dependent access gadgets.  Therefore, this patch
    proactively protects from these attacks by masking out-of-bounds gfns
    in __gfn_to_hva_memslot, which blocks speculation of invalid hvas.

    Sean Christopherson noted that this patch does not cover
    kvm_read_guest_offset_cached.  This however is limited to a few bytes
    past the end of the cache, and therefore it is unlikely to be useful in
    the context of building a chain of data dependent accesses.

    Reported-by: Artemiy Margaritov <artemiy.margaritov@xxxxxxxxx>
    Co-developed-by: Artemiy Margaritov <artemiy.margaritov@xxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
 include/linux/kvm_host.h | 10 +++++++++-

- Naresh
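
The following is an added example, not part of the original message and not the kernel's code: a userspace model of the hva formula from the commit message with a branchless out-of-range mask, plus the truncation that the failed `sizeof(_i) > sizeof(long)` check guards against. The struct, the function names, the sample values and the 4 KiB page size are assumptions made for the illustration; the model also assumes a 64-bit gfn offset and, in the last two functions, a 32-bit `long`.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Constructed stand-in for the three memslot fields used by the formula. */
struct slot_model { uint64_t base_gfn, npages, userspace_addr; };

/* All-ones if index < size, else 0, without a branch (valid for size <= 2^63).
 * Same arithmetic idea as the kernel's generic array_index_mask_nospec(); a
 * userspace build shows the arithmetic only, not the speculation barrier. */
static uint64_t index_mask64(uint64_t index, uint64_t size)
{
    return 0 - (((index | (size - 1 - index)) >> 63) ^ 1);
}

/* hva = userspace_addr + (gfn - base_gfn) * PAGE_SIZE, with the offset
 * forced to 0 whenever it is outside [0, npages). */
static uint64_t gfn_to_hva_masked(const struct slot_model *s, uint64_t gfn)
{
    uint64_t off = gfn - s->base_gfn;
    off &= index_mask64(off, s->npages);
    return s->userspace_addr + (off << PAGE_SHIFT);
}

/* The same mask computed in a 32-bit "long", as on i386 and 32-bit arm. */
static uint32_t index_mask32(uint32_t index, uint32_t size)
{
    return 0u - (((index | (size - 1u - index)) >> 31) ^ 1u);
}

/* 1 if a 64-bit offset is out of range but its low 32 bits pass the mask. */
static int truncation_hides_oob(uint64_t off, uint64_t npages)
{
    return off >= npages && index_mask32((uint32_t)off, (uint32_t)npages) != 0;
}

int main(void)
{
    struct slot_model s = { 0x100, 16, 0x7f0000000000ULL }; /* constructed values */
    printf("in range : %#llx\n", (unsigned long long)gfn_to_hva_masked(&s, 0x105));
    printf("too high : %#llx\n", (unsigned long long)gfn_to_hva_masked(&s, 0x5000));
    printf("truncated offset passes 32-bit mask: %d\n",
           truncation_hides_oob(0x100000005ULL, 16));
    return 0;
}
```

An out-of-range gfn resolves to the first page of the slot rather than to an address outside it, while a mask computed on only the low 32 bits of a 64-bit offset would let some out-of-range offsets through unmasked.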


