lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251117191827.GC2380208@liuwe-devbox-debian-v2.local>
Date: Mon, 17 Nov 2025 19:18:27 +0000
From: Wei Liu <wei.liu@...nel.org>
To: Nuno Das Neves <nunodasneves@...ux.microsoft.com>
Cc: Anirudh Rayabharam <anirudh@...rudhrb.com>,
	"K. Y. Srinivasan" <kys@...rosoft.com>,
	Haiyang Zhang <haiyangz@...rosoft.com>,
	Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>,
	Long Li <longli@...rosoft.com>, linux-hyperv@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] Drivers: hv: ioctl for self targeted passthrough
 hvcalls

On Mon, Nov 17, 2025 at 10:16:12AM -0800, Nuno Das Neves wrote:
> On 11/17/2025 1:52 AM, Anirudh Rayabharam wrote:
> > From: Anirudh Rayabharam (Microsoft) <anirudh@...rudhrb.com>
> > 
> > Allow MSHV_ROOT_HVCALL IOCTL on the /dev/mshv fd. This IOCTL would
> > execute a passthrough hypercall targeting the root/parent partition
> > i.e. HV_PARTITION_ID_SELF.
> > 
> 
> I think it's worth taking a moment to check and perhaps explain in
> the commit message/a comment any security implications of the VMM
> process being able to call these hypercalls on the root/parent
> partition.
> 
> One implication would be: can the VMM process influence other
> processes in the root partition via these hypercalls,
> e.g. HVCALL_SET_VP_REGISTERS? I would think that the hypervisor
> itself disallows this but we should check. We can ask the
> hypervisor team what they think, and check the hypervisor code.
> 
> Specifically we should check on any hypercall that could possibly
> influence partition state, i.e.:
> HVCALL_SET_PARTITION_PROPERTY
> HVCALL_SET_VP_REGISTERS
> HVCALL_INSTALL_INTERCEPT
> HVCALL_CLEAR_VIRTUAL_INTERRUPT
> HVCALL_REGISTER_INTERCEPT_RESULT
> HVCALL_ASSERT_VIRTUAL_INTERRUPT
> HVCALL_SIGNAL_EVENT_DIRECT
> HVCALL_POST_MESSAGE_DIRECT
> 
> If it turns out there is something risky we are enabling here, we can
> introduce a new array of hypercalls to restrict which ones can be
> called on HV_PARTITION_ID_SELF.
> 

This is a good point. Please check with the hypervisor team.

Wei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ