lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <165157375706.3129182.12268321822257676050.b4-ty@kernel.org>
Date:   Tue,  3 May 2022 11:31:02 +0100
From:   Marc Zyngier <maz@...nel.org>
To:     kvmarm@...ts.cs.columbia.edu, Oliver Upton <oupton@...gle.com>
Cc:     suzuki.poulose@....com, ricarkol@...gle.com, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        james.morse@....com, reijiw@...gle.com, alexandru.elisei@....com
Subject: Re: [PATCH v4 0/7] KVM: arm64: Limit feature register reads from AArch32

On Tue, 3 May 2022 06:01:58 +0000, Oliver Upton wrote:
> KVM/arm64 does not restrict the guest's view of the AArch32 feature
> registers when read from AArch32. HCR_EL2.TID3 is cleared for AArch32
> guests, meaning that register reads come straight from hardware. This is
> problematic as KVM relies on read_sanitised_ftr_reg() to expose a set of
> features consistent for a particular system.
> 
> Appropriate handlers must first be put in place for CP10 and CP15 ID
> register accesses before setting TID3. Rather than exhaustively
> enumerating each of the encodings for CP10 and CP15 registers, take the
> lazy route and aim the register accesses at the AArch64 system register
> table.
> 
> [...]

Applied to next, thanks!

Note that I have dropped the revert for now, as the original patch
lives in a separate branch. I'll clean things up at -rc1.

[1/7] KVM: arm64: Return a bool from emulate_cp()
      commit: 001bb819994cd1bd037b6aefdb233f1720ee2126
[2/7] KVM: arm64: Don't write to Rt unless sys_reg emulation succeeds
      commit: 28eda7b5e82489b9dcffc630af68c207552b4f4d
[3/7] KVM: arm64: Wire up CP15 feature registers to their AArch64 equivalents
      commit: e65197666773f39e4378161925e5a1c7771cff29
[4/7] KVM: arm64: Plumb cp10 ID traps through the AArch64 sysreg handler
      commit: 9369bc5c5e35985f38d04bd98c6d28a032e84b17
[5/7] KVM: arm64: Start trapping ID registers for 32 bit guests
      commit: fd1264c4ca610a99d52c35a37e5551eec442723d
[6/7] KVM/arm64: Hide AArch32 PMU registers when not available
      commit: a9e192cd4fc738469448803693c9dc730898b8f1

Cheers,

	M.
-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ