From patchwork Wed Mar 6 15:50:46 2019
X-Patchwork-Submitter: Nitesh Narayan Lal
X-Patchwork-Id: 10841411
From: Nitesh Narayan Lal
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, pbonzini@redhat.com, lcapitulino@redhat.com, pagupta@redhat.com, wei.w.wang@intel.com, yang.zhang.wz@gmail.com, riel@surriel.com, david@redhat.com, mst@redhat.com, dodgen@google.com, konrad.wilk@oracle.com, dhildenb@redhat.com, aarcange@redhat.com, alexander.duyck@gmail.com
Subject: [RFC][Patch v9 4/6] KVM: Reporting page poisoning value to the host
Date: Wed, 6 Mar 2019 10:50:46 -0500
Message-Id: <20190306155048.12868-5-nitesh@redhat.com>
In-Reply-To: <20190306155048.12868-1-nitesh@redhat.com>
References: <20190306155048.12868-1-nitesh@redhat.com>

This patch enables the kernel to report the page poisoning value to the host by using the VIRTIO_BALLOON_F_PAGE_POISON feature.

Page Poisoning is a feature in which the page is filled with a specific pattern of (0x00 or 0xaa) after freeing and the same is verified before allocation to prevent the following issues:
* information leak from the freed data
* use after free bugs
* memory corruption

The issue arises when the pattern used for Page Poisoning is 0xaa while the newly allocated page received from the host by the guest is filled with the pattern 0x00. This will result in memory corruption errors.

Signed-off-by: Nitesh Narayan Lal
---
 drivers/virtio/virtio_balloon.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index cfe7574b5204..e82c72cd916b 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c
@@ -970,6 +970,11 @@ static int virtballoon_probe(struct virtio_device *vdev) } #ifdef CONFIG_KVM_FREE_PAGE_HINTING + if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON)) { + memset(&poison_val, PAGE_POISON, sizeof(poison_val)); + virtio_cwrite(vb->vdev, struct virtio_balloon_config, + poison_val, &poison_val); + } if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_HINTING)) enable_hinting(vb); #endif
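
Review bot: The poison value is written to the device config whenever VIRTIO_BALLOON_F_PAGE_POISON is negotiated, but nothing in this block checks that page poisoning is actually active in the guest, and the whole block sits under `#ifdef CONFIG_KVM_FREE_PAGE_HINTING` even though it tests a different feature bit. Consider gating the write on `page_poisoning_enabled()` (or clearing the feature bit when poisoning is off) and moving it outside the hinting ifdef, so the host is never told a pattern the guest does not verify and is never left without one when the feature is negotiated. Two smaller points in the same lines: the new check uses `vdev` while the `virtio_cwrite()` call and the following check use `vb->vdev`, and `poison_val` has no declaration in this 5-line change, so its type and scope (ideally a local `__u32` in `virtballoon_probe()`) should be visible in this patch.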