]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7588eb) | patch
KVM: arm64: Avoid storing the vcpu pointer on the stack
authorChristoffer Dall <christoffer.dall@linaro.org>
Fri, 20 Jul 2018 09:52:58 +0000 (10:52 +0100)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 5 Sep 2018 12:53:31 +0000 (14:53 +0200)
commit47e02f070685d5a0d27ddecd56ed565195594802
treead58f23b03010b2dc665bdcf3d68ef7ebca23c67tree
parentc7588eb454b2a9158b1212da41c48a20d4741b33commit | diff
KVM: arm64: Avoid storing the vcpu pointer on the stack

BugLink: https://bugs.launchpad.net/bugs/1787993
CVE-2018-3639 (arm64)

Commit 4464e210de9e80e38de59df052fe09ea2ff80b1b upstream.

We already have the percpu area for the host cpu state, which points to
the VCPU, so there's no need to store the VCPU pointer on the stack on
every context switch.  We can be a little more clever and just use
tpidr_el2 for the percpu offset and load the VCPU pointer from the host
context.

This has the benefit of being able to retrieve the host context even
when our stack is corrupted, and it has a potential performance benefit
because we trade a store plus a load for an mrs and a load on a round
trip to the guest.

This does require us to calculate the percpu offset without including
the offset from the kernel mapping of the percpu array to the linear
mapping of the array (which is what we store in tpidr_el1), because a
PC-relative generated address in EL2 is already giving us the hyp alias
of the linear mapping of a kernel address.  We do this in
__cpu_init_hyp_mode() by using kvm_ksym_ref().

The code that accesses ESR_EL2 was previously using an alternative to
use the _EL1 accessor on VHE systems, but this was actually unnecessary
as the _EL1 accessor aliases the ESR_EL2 register on VHE, and the _EL2
accessor does the same thing on both systems.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2cdc2e62a6ac829832c2bf4ccb1098fccc67f82c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git /
linux-4.14.y)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
arch/arm64/include/asm/kvm_asm.h diff | blob | blame | history
arch/arm64/include/asm/kvm_host.h diff | blob | blame | history
arch/arm64/kernel/asm-offsets.c diff | blob | blame | history
arch/arm64/kvm/hyp/entry.S diff | blob | blame | history
arch/arm64/kvm/hyp/hyp-entry.S diff | blob | blame | history
arch/arm64/kvm/hyp/switch.c diff | blob | blame | history
arch/arm64/kvm/hyp/sysreg-sr.c diff | blob | blame | history
ubuntu-bionic-kernel mirror