lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d42a3430-a365-4fd3-bfd4-efa567f777a8@codeaurora.org>
Date:   Thu, 7 Dec 2017 10:44:04 -0500
From:   "Leeder, Neil" <nleeder@...eaurora.org>
To:     Will Deacon <will.deacon@....com>
Cc:     nleeder@...eaurora.org, Mark Rutland <mark.rutland@....com>,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        Mark Langsdorf <mlangsdo@...hat.com>,
        Mark Salter <msalter@...hat.com>, Jon Masters <jcm@...hat.com>,
        Timur Tabi <timur@...eaurora.org>,
        Mark Brown <broonie@...nel.org>
Subject: Re: [PATCH] perf: qcom_l2_pmu: don't allow guest access

On 12/7/2017 8:38 AM, Will Deacon wrote:
> On Wed, Dec 06, 2017 at 04:19:24PM -0500, Leeder, Neil wrote:
>> On 12/6/2017 11:11 AM, Mark Rutland wrote:
>>> On Wed, Dec 06, 2017 at 10:55:33AM -0500, Neil Leeder wrote:
>>>> Guests cannot access IMPDEF system registers, which are used
>>>> by this driver. Disable the driver if it's running in a guest VM.
>>>>
>>>> Signed-off-by: Neil Leeder <nleeder@...eaurora.org>
>>>> ---
>>>>  drivers/perf/qcom_l2_pmu.c | 4 ++++
>>>>  1 file changed, 4 insertions(+)
>>>
>>> I'm a little confused by this. Why is this hypervisor providing a
>>> QCOM8130 device to the guest that it cannot use?
>>>
>>> Could you elaborate on what's going on?
>>>
>>
>> While there's an argument that the guest shouldn't be loading the driver
>> in the first place, we can't control everyone's guest configuration or what
>> their hypervisor does.
> 
> Ok, but why is the hypervisor advertising a device that effectively doesn't
> exist? Most drivers trust the firmware tables they are given, so this makes
> it sound like we should start annotating all drivers for devices that we
> don't expect to see in a guest with is_hyp_mode_available() checks.
> 
> That doesn't feel quite right to me.

Hi Will,

I suspect that most mis-configured drivers don't fail until they're used, or are
otherwise Mostly Harmless. The problem here is that this driver uses IMPDEF system
registers in its init, and I'd guess only a minority of drivers do that. So it
crashed the kernel with an illegal instruction on boot. I'm trying to be a good
citizen here and not allow my driver to stop a kernel from booting because someone
misconfigured something out of my control.

Neil
-- 
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.

Powered by blists - more mailing lists