| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Aug 2017 09:31:41 +0100
From: Florent Revest <florent.revest@....com>
To: linux-arm-kernel@...ts.infradead.org
Cc: matt@...eblueprint.co.uk, ard.biesheuvel@...aro.org,
pbonzini@...hat.com, rkrcmar@...hat.com,
christoffer.dall@...aro.org, catalin.marinas@....com,
will.deacon@....com, mark.rutland@....com, marc.zyngier@....com,
linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, kvmarm@...ts.cs.columbia.edu,
leif.lindholm@....com, revestflo@...il.com,
Florent Revest <florent.revest@....com>
Subject: [RFC 11/11] KVM, arm64: Don't trap internal VMs SMC calls
Internal virtual machines can be used to sandbox code such as EFI Runtime
Services. However, some implementations of those Runtime Services rely on
handlers placed in the Secure World (e.g: SoftIron Overdrive 1000) and need
access to SMC calls.
This patch modifies the Hypervisor Configuration Register to avoid trapping
SMC calls of internal virtual machines. Normal userspace VMs are not
affected by this patch.
Note: Letting Runtime Services VMs access EL3 without control can
potentially be a security threat on its own. An alternative would be to
forward SMC calls selectively from inside handle_smc. However, this would
require some level of knowledge of the SMC calls arguments and EFI
Runtime Services implementations.
Signed-off-by: Florent Revest <florent.revest@....com>
---
arch/arm64/include/asm/kvm_emulate.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index fe39e68..4b46cd0 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -49,6 +49,9 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
vcpu->arch.hcr_el2 |= HCR_E2H;
if (test_bit(KVM_ARM_VCPU_EL1_32BIT, vcpu->arch.features))
vcpu->arch.hcr_el2 &= ~HCR_RW;
+
+ if (!vcpu->kvm->mm)
+ vcpu->arch.hcr_el2 &= ~HCR_TSC;
}
static inline unsigned long vcpu_get_hcr(struct kvm_vcpu *vcpu)
--
1.9.1
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Powered by blists - more mailing lists