[PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache
Kees Cook
keescook at chromium.org
Wed Aug 18 23:06:39 UTC 2021
On Wed, Aug 18, 2021 at 10:53:58PM +0000, Sean Christopherson wrote:
> On Wed, Aug 18, 2021, Kees Cook wrote:
> > On Wed, Aug 18, 2021 at 03:11:28PM +0000, Sean Christopherson wrote:
> > > From dbdca1f4cd01fee418c252e54c360d518b2b1ad6 Mon Sep 17 00:00:00 2001
> > > From: Sean Christopherson <seanjc at google.com>
> > > Date: Wed, 18 Aug 2021 08:03:08 -0700
> > > Subject: [PATCH] KVM: x86: Replace memset() "optimization" with normal
> > > per-field writes
> > >
> > > Explicitly zero select fields in the emulator's decode cache instead of
> > > zeroing the fields via a gross memset() that spans six fields. gcc and
> > > clang are both clever enough to batch the first five fields into a single
> > > quadword MOV, i.e. memset() and individually zeroing generate identical
> > > code.
> > >
> > > Removing the wart also prepares KVM for FORTIFY_SOURCE performing
> > > compile-time and run-time field bounds checking for memset().
> > >
> > > No functional change intended.
> > >
> > > Reported-by: Kees Cook <keescook at chromium.org>
> > > Signed-off-by: Sean Christopherson <seanjc at google.com>
> >
> > Reviewed-by: Kees Cook <keescook at chromium.org>
> >
> > Do you want me to take this patch into my tree, or do you want to carry
> > it for KVM directly?
>
> That's a Paolo question :-)
>
> What's the expected timeframe for landing stricter bounds checking? If it's
> 5.16 or later, the easiest thing would be to squeak this into 5.15.
I'm hoping to land all the "compile time" stuff for 5.15, but
realistically, some portions may not get there. I'll just carry this
patch for now and if we need to swap trees we can do that. :)
Thanks!
-Kees
--
Kees Cook
More information about the dri-devel
mailing list