git.baikalelectronics.ru Git - kernel.git/commit
KVM: PPC: Book3S HV Nested: Sanitise vcpu registers
author Fabiano Rosas <farosas@linux.ibm.com>
Wed, 11 Aug 2021 16:00:39 +0000 (02:00 +1000)
committer Michael Ellerman <mpe@ellerman.id.au>
Wed, 25 Aug 2021 06:37:17 +0000 (16:37 +1000)
commit 17d3d04667c69477d5075ec2d3bb7a4df8de21ea
tree 78cee05d69be61c7a89a875153b9eeacedfe43af
parent a9f0b030b5f76edb50e2f812b90819027ae4c3f6
KVM: PPC: Book3S HV Nested: Sanitise vcpu registers

As one of the arguments of the H_ENTER_NESTED hypercall, the nested
hypervisor (L1) prepares a structure containing the values of various
hypervisor-privileged registers with which it wants the nested guest
(L2) to run. Since the nested HV runs in supervisor mode it needs the
host to write to these registers.

To stop a nested HV manipulating this mechanism and using a nested
guest as a proxy to access a facility that has been made unavailable
to it, we have a routine that sanitises the values of the HV registers
before copying them into the nested guest's vcpu struct.

However, when coming out of the guest the values are copied as they
were back into L1 memory, which means that any sanitisation we did
during guest entry will be exposed to L1 after H_ENTER_NESTED returns.

This patch alters this sanitisation to have effect on the vcpu->arch
registers directly before entering and after exiting the guest,
leaving the structure that is copied back into L1 unchanged (except
when we really want L1 to access the value, e.g. the Cause bits of
HFSCR).

Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Link: https://lore.kernel.org/r/20210811160134.904987-6-npiggin@gmail.com
arch/powerpc/kvm/book3s_hv_nested.c
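The leak the commit message describes, and the shape of the fix, as an added C model that is not the kernel's code and not part of this commit. Every name in it (`struct l1_hv_regs`, `struct vcpu_arch`, `L1_ALLOWED_HFSCR`, the facility/cause bit layout of the modelled HFSCR, `run_l2`) is a constructed stand-in for the real `vcpu->arch` fields, `H_ENTER_NESTED` register block and HFSCR layout; the policy value and the cause value are made up for the demonstration. `enter_nested_before` sanitises the L1-supplied block in place and copies the vcpu registers back wholesale on exit, so L1 can read which facility bits the host stripped; `enter_nested_after` sanitises only what goes into the vcpu state and, on exit, writes back only the cause bits, leaving the rest of L1's block as L1 wrote it.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed HFSCR layout for this model (hypothetical, not the ISA's):
 * facility-enable bits in the low 16 bits, interrupt cause in the top byte. */
#define HFSCR_FACILITY_MASK  0x000000000000FFFFULL
#define HFSCR_CAUSE_MASK     0xFF00000000000000ULL
#define HFSCR_CAUSE_SHIFT    56

/* Facilities the host lets L1 grant to L2 (hypothetical policy value). */
#define L1_ALLOWED_HFSCR     0x00000000000000F0ULL

/* Register block L1 hands to the host with the hypercall (constructed). */
struct l1_hv_regs {
    uint64_t hfscr;
    uint64_t lpcr;
};

/* Host-side per-vcpu register state (constructed stand-in for vcpu->arch). */
struct vcpu_arch {
    uint64_t hfscr;
    uint64_t lpcr;
};

/* Clamp L1's request to the permitted facilities; cause bits are output-only,
 * so they are cleared on entry as well. */
static uint64_t sanitise_hfscr(uint64_t hfscr)
{
    return hfscr & L1_ALLOWED_HFSCR;
}

/* Stand-in for running L2: pretend hardware recorded a facility-unavailable
 * cause in the vcpu's HFSCR (constructed cause value supplied by caller). */
static void run_l2(struct vcpu_arch *arch, uint8_t cause)
{
    arch->hfscr = (arch->hfscr & ~HFSCR_CAUSE_MASK) |
                  ((uint64_t)cause << HFSCR_CAUSE_SHIFT);
}

/* Pre-fix flow: sanitise the L1 block in place, load it, run, copy everything
 * back. L1 ends up reading the clamped facility bits it never wrote. */
void enter_nested_before(struct l1_hv_regs *l1, struct vcpu_arch *arch, uint8_t cause)
{
    l1->hfscr   = sanitise_hfscr(l1->hfscr);
    arch->hfscr = l1->hfscr;
    arch->lpcr  = l1->lpcr;
    run_l2(arch, cause);
    l1->hfscr = arch->hfscr;
    l1->lpcr  = arch->lpcr;
}

/* Post-fix flow: sanitise only what is loaded into the vcpu state, and on exit
 * merge back just the bits L1 is meant to see (the cause bits). LPCR is left
 * exactly as L1 supplied it. */
void enter_nested_after(struct l1_hv_regs *l1, struct vcpu_arch *arch, uint8_t cause)
{
    arch->hfscr = sanitise_hfscr(l1->hfscr);
    arch->lpcr  = l1->lpcr;
    run_l2(arch, cause);
    l1->hfscr = (l1->hfscr & ~HFSCR_CAUSE_MASK) | (arch->hfscr & HFSCR_CAUSE_MASK);
}

/* True if the facility bits L1 gets back differ from the ones it requested,
 * i.e. the host's sanitisation is observable to L1. */
bool l1_sees_sanitisation(uint64_t requested, uint64_t returned)
{
    return (requested & HFSCR_FACILITY_MASK) != (returned & HFSCR_FACILITY_MASK);
}

/* Constructed scenario: L1 asks for all 8 low facility bits (0xFF), only the
 * top nibble (0xF0) is permitted, and L2's run records cause 0x0A. Each helper
 * returns the HFSCR value L1 observes after the hypercall. */
#define DEMO_REQUESTED_HFSCR 0x00000000000000FFULL
#define DEMO_CAUSE           0x0A

uint64_t l1_view_before(void)
{
    struct l1_hv_regs l1 = { .hfscr = DEMO_REQUESTED_HFSCR, .lpcr = 0x1234 };
    struct vcpu_arch arch = { 0, 0 };
    enter_nested_before(&l1, &arch, DEMO_CAUSE);
    return l1.hfscr;
}

uint64_t l1_view_after(void)
{
    struct l1_hv_regs l1 = { .hfscr = DEMO_REQUESTED_HFSCR, .lpcr = 0x1234 };
    struct vcpu_arch arch = { 0, 0 };
    enter_nested_after(&l1, &arch, DEMO_CAUSE);
    return l1.hfscr;
}

int main(void)
{
    printf("before fix, L1 reads back HFSCR %016llx (leaks sanitisation: %d)\n",
           (unsigned long long)l1_view_before(),
           l1_sees_sanitisation(DEMO_REQUESTED_HFSCR, l1_view_before()));
    printf("after fix,  L1 reads back HFSCR %016llx (leaks sanitisation: %d)\n",
           (unsigned long long)l1_view_after(),
           l1_sees_sanitisation(DEMO_REQUESTED_HFSCR, l1_view_after()));
    return 0;
}
```

In both flows the vcpu state that actually runs L2 carries only the permitted facilities; the difference is purely in what is copied back to L1 memory, which is the point of the commit.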