Date:   Sun, 14 Jan 2018 12:37:31 -0800
From:   tip-bot for Jan Kiszka <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, jan.kiszka@...mens.com,
        mingo@...nel.org, tglx@...utronix.de, hpa@...or.com
Subject: [tip:x86/platform] x86/jailhouse: Avoid access of unsupported
 platform resources

Commit-ID:  0d7c1e22183b9ddaa0b3bf30ece6577741bc13b3
Gitweb:     https://git.kernel.org/tip/0d7c1e22183b9ddaa0b3bf30ece6577741bc13b3
Author:     Jan Kiszka <jan.kiszka@...mens.com>
AuthorDate: Mon, 27 Nov 2017 09:11:50 +0100
Committer:  Thomas Gleixner <tglx@...utronix.de>
CommitDate: Sun, 14 Jan 2018 21:11:56 +0100

x86/jailhouse: Avoid access of unsupported platform resources

Non-root cells do not have CMOS access, thus the warm reset cannot be
enabled. There is no RTC, thus also no wall clock. Furthermore, there
are no ISA IRQs and no PIC.

Also disable probing of i8042 devices that are typically blocked for
non-root cells. In theory, access could also be granted to a non-root
cell, provided the root cell is not using the devices. But there is no
concrete scenario in sight, and disabling probing over Jailhouse allows
building generic kernels that keep CONFIG_SERIO enabled for use in
normal systems.

Signed-off-by: Jan Kiszka <jan.kiszka@...mens.com>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Cc: jailhouse-dev@...glegroups.com
Link: https://lkml.kernel.org/r/39b68cc2c496501c9d95e6f40e5d76e3053c3908.1511770314.git.jan.kiszka@siemens.com

---
 arch/x86/kernel/jailhouse.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/x86/kernel/jailhouse.c b/arch/x86/kernel/jailhouse.c
index 34cf9d3..b9f116d 100644
--- a/arch/x86/kernel/jailhouse.c
+++ b/arch/x86/kernel/jailhouse.c
@@ -13,6 +13,7 @@
 #include <asm/apic.h>
 #include <asm/cpu.h>
 #include <asm/hypervisor.h>
+#include <asm/i8259.h>
 #include <asm/setup.h>
 
 static __initdata struct jailhouse_setup_data setup_data;
@@ -32,6 +33,11 @@ static uint32_t __init jailhouse_detect(void)
 	return jailhouse_cpuid_base();
 }
 
+static void jailhouse_get_wallclock(struct timespec *now)
+{
+	memset(now, 0, sizeof(*now));
+}
+
 static void __init jailhouse_timer_init(void)
 {
 	lapic_timer_frequency = setup_data.apic_khz * (1000 / HZ);
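
Review bot: jailhouse_get_wallclock() zeroes *now with no comment saying why, so a reader cannot tell a deliberate "no RTC" stub from an unfinished one. Suggest a one-line comment above the function stating that non-root cells have no RTC and the wall clock therefore starts at zero until something else sets it. Anything in the cell that relies on absolute time, such as log timestamps, will see that zero-based clock.
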
@@ -77,11 +83,18 @@ static void __init jailhouse_init_platform(void)
 	struct setup_data header;
 	void *mapping;
 
+	x86_init.irqs.pre_vector_init	= x86_init_noop;
 	x86_init.timers.timer_init	= jailhouse_timer_init;
 	x86_init.mpparse.get_smp_config	= jailhouse_get_smp_config;
 
 	x86_platform.calibrate_cpu	= jailhouse_get_tsc;
 	x86_platform.calibrate_tsc	= jailhouse_get_tsc;
+	x86_platform.get_wallclock	= jailhouse_get_wallclock;
+	x86_platform.legacy.rtc		= 0;
+	x86_platform.legacy.warm_reset	= 0;
+	x86_platform.legacy.i8042	= X86_LEGACY_I8042_PLATFORM_ABSENT;
+
+	legacy_pic			= &null_legacy_pic;
 
 	while (pa_data) {
 		mapping = early_memremap(pa_data, sizeof(header));
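
Review bot: the legacy overrides in jailhouse_init_platform() are applied unconditionally and carry no comment, while the commit message itself notes that i8042 access could in theory be granted to a non-root cell. A short comment above `x86_platform.legacy.i8042 = X86_LEGACY_I8042_PLATFORM_ABSENT;` recording that probing is disabled on purpose for every cell would keep the next reader from treating it as an oversight. The `x86_init.irqs.pre_vector_init = x86_init_noop;` line at the top of the hunk would also benefit from a note tying it to the absence of ISA IRQs, since it sits apart from the other legacy settings.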
