| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Mar 2020 11:26:41 +0100
From: Laurent Dufour <ldufour@...ux.ibm.com>
To: linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
kvm-ppc@...r.kernel.org
Subject: [PATCH 0/2] Fix SVM hang at startup
This series is fixing a SVM hang occurring when starting a SVM requiring
more secure memory than available. The hang happens in the SVM when calling
UV_ESM.
The following is happening:
1. SVM calls UV_ESM
2. Ultravisor (UV) calls H_SVM_INIT_START
3. Hypervisor (HV) calls UV_REGISTER_MEM_SLOT
4. UV returns error because there is not enough free secure memory
5. HV enter the error path in kvmppc_h_svm_init_start()
6. In the return path, since kvm->arch.secure_guest is not yet set hrfid is
called
7. As the HV doesn't know the SVM calling context hrfid is jumping to
unknown address in the SVM leading to various expections.
This series fixes the setting of kvm->arch.secure_guest in
kvmppc_h_svm_init_start() to ensure that UV_RETURN is called on the return
path to get back to the UV.
In addition to ensure that a malicious VM will not call UV reserved Hcall,
a check of the Secure bit in the calling MSR is addded to reject such a
call.
It is assumed that the UV will filtered out such Hcalls made by a malicious
SVM.
Laurent Dufour (2):
KVM: PPC: Book3S HV: check caller of H_SVM_* Hcalls
KVM: PPC: Book3S HV: H_SVM_INIT_START must call UV_RETURN
arch/powerpc/kvm/book3s_hv.c | 32 ++++++++++++++++++++----------
arch/powerpc/kvm/book3s_hv_uvmem.c | 3 ++-
2 files changed, 23 insertions(+), 12 deletions(-)
--
2.25.2
Powered by blists - more mailing lists