| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Apr 2022 13:03:23 -0700
From: Kalesh Singh <kaleshsingh@...gle.com>
To: unlisted-recipients:; (no To-header on input)
Cc: will@...nel.org, maz@...nel.org, qperret@...gle.com,
tabba@...gle.com, surenb@...gle.com, kernel-team@...roid.com,
Kalesh Singh <kaleshsingh@...gle.com>,
James Morse <james.morse@....com>,
Alexandru Elisei <alexandru.elisei@....com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Catalin Marinas <catalin.marinas@....com>,
Andrew Walbran <qwandor@...gle.com>,
Mark Rutland <mark.rutland@....com>,
Andrew Jones <drjones@...hat.com>,
Ard Biesheuvel <ardb@...nel.org>,
Zenghui Yu <yuzenghui@...wei.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Changbin Du <changbin.du@...el.com>,
Masahiro Yamada <masahiroy@...nel.org>,
linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.cs.columbia.edu,
linux-kernel@...r.kernel.org
Subject: [PATCH v7 0/6] KVM: arm64: Hypervisor stack enhancements
Hi all,
This is v7 of the nVHE hypervisor stack enhancements. This version is based
on 5.18-rc1 and drops the hypervisor stack unwinding and overflow-stack
patches. These require further discussion and will be resent separately.
Previous versions can be found at:
v6: https://lore.kernel.org/r/20220314200148.2695206-1-kaleshsingh@google.com/
v5: https://lore.kernel.org/r/20220307184935.1704614-1-kaleshsingh@google.com/
v4: https://lore.kernel.org/r/20220225033548.1912117-1-kaleshsingh@google.com/
v3: https://lore.kernel.org/r/20220224051439.640768-1-kaleshsingh@google.com/
v2: https://lore.kernel.org/r/20220222165212.2005066-1-kaleshsingh@google.com/
v1: https://lore.kernel.org/r/20220210224220.4076151-1-kaleshsingh@google.com/
Thanks,
Kalesh
-----
This series is based on 5.18-rc1 and adds stack guard pages to nVHE and pKVM
hypervisor; and symbolization of hypervisor addresses.
The guard page stack overflow detection is based on the technique used by
arm64 VMAP_STACK. i.e. the stack is aligned such that the 'stack shift' bit
of any valid SP is 1. The 'stack shift' bit can be tested in the exception
entry to detect overflow without corrupting GPRs.
Kalesh Singh (6):
KVM: arm64: Introduce hyp_alloc_private_va_range()
KVM: arm64: Introduce pkvm_alloc_private_va_range()
KVM: arm64: Add guard pages for KVM nVHE hypervisor stack
KVM: arm64: Add guard pages for pKVM (protected nVHE) hypervisor stack
KVM: arm64: Detect and handle hypervisor stack overflows
KVM: arm64: Symbolize the nVHE HYP addresses
arch/arm64/include/asm/kvm_asm.h | 1 +
arch/arm64/include/asm/kvm_mmu.h | 4 ++
arch/arm64/kvm/arm.c | 39 ++++++++++++--
arch/arm64/kvm/handle_exit.c | 13 ++---
arch/arm64/kvm/hyp/include/nvhe/mm.h | 6 ++-
arch/arm64/kvm/hyp/nvhe/host.S | 24 +++++++++
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 18 ++++++-
arch/arm64/kvm/hyp/nvhe/mm.c | 78 ++++++++++++++++++----------
arch/arm64/kvm/hyp/nvhe/setup.c | 31 +++++++++--
arch/arm64/kvm/hyp/nvhe/switch.c | 7 ++-
arch/arm64/kvm/mmu.c | 70 ++++++++++++++++---------
scripts/kallsyms.c | 2 +-
12 files changed, 223 insertions(+), 70 deletions(-)
base-commit: 3123109284176b1532874591f7c81f3837bbdc17
--
2.35.1.1178.g4f1659d476-goog
Powered by blists - more mailing lists