|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] xen/arm: Don't expose implementation defined registers (Cp15 c15) to the guest
commit a0453db0c6ead85e0e2143c133268bcc5a017f73
Author: Julien Grall <julien.grall@xxxxxxxxxx>
AuthorDate: Tue Apr 15 12:45:28 2014 +0100
Commit: Ian Campbell <ian.campbell@xxxxxxxxxx>
CommitDate: Wed Apr 23 10:31:07 2014 +0100
xen/arm: Don't expose implementation defined registers (Cp15 c15) to the
guest
On Cortex-A15, CP15 c15 contains registers to retrieve data from L1/L2 RAM.
Exposing this registers to guest may result to leak data from Xen and/or
another guest.
By default trap every registers and inject an undefined instruction.
This is CVE-2014-2915 / XSA-93.
Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
xen/arch/arm/traps.c | 3 +++
xen/include/asm-arm/cpregs.h | 2 ++
xen/include/asm-arm/processor.h | 3 +++
3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c
index b77e623..710e5cc 100644
--- a/xen/arch/arm/traps.c
+++ b/xen/arch/arm/traps.c
@@ -74,6 +74,9 @@ void __cpuinit init_traps(void)
/* Setup Hyp vector base */
WRITE_SYSREG((vaddr_t)hyp_traps_vector, VBAR_EL2);
+ /* Trap CP15 c15 used for implementation defined registers */
+ WRITE_SYSREG(HSTR_T(15), HSTR_EL2);
+
/* Trap all coprocessor registers (0-13) except cp10 and cp11 for VFP
* /!\ All processors except cp10 and cp11 cannot be used in Xen
*/
diff --git a/xen/include/asm-arm/cpregs.h b/xen/include/asm-arm/cpregs.h
index 2b411af..e9a8094 100644
--- a/xen/include/asm-arm/cpregs.h
+++ b/xen/include/asm-arm/cpregs.h
@@ -116,6 +116,7 @@
#define HSCTLR p15,4,c1,c0,0 /* Hyp. System Control Register */
#define HCR p15,4,c1,c1,0 /* Hyp. Configuration Register */
#define HCPTR p15,4,c1,c1,2 /* Hyp. Coprocessor Trap Register */
+#define HSTR p15,4,c1,c1,3 /* Hyp. System Trap Register */
/* CP15 CR2: Translation Table Base and Control Registers */
#define TTBCR p15,0,c2,c0,2 /* Translatation Table Base Control
Register */
@@ -270,6 +271,7 @@
#define FAR_EL2 HIFAR
#define HCR_EL2 HCR
#define HPFAR_EL2 HPFAR
+#define HSTR_EL2 HSTR
#define ID_AFR0_EL1 ID_AFR0
#define ID_DFR0_EL1 ID_DFR0
#define ID_ISAR0_EL1 ID_ISAR0
diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h
index 02cefe9..750864a 100644
--- a/xen/include/asm-arm/processor.h
+++ b/xen/include/asm-arm/processor.h
@@ -89,6 +89,9 @@
#define HCPTR_CP(x) ((_AC(1,U)<<(x))) /* Trap Coprocessor x */
#define HCPTR_CP_MASK ((_AC(1,U)<<14)-1)
+/* HSTR Hyp. System Trap Register */
+#define HSTR_T(x) ((_AC(1,U)<<(x))) /* Trap Cp15 c<x> */
+
#define HSR_EC_UNKNOWN 0x00
#define HSR_EC_WFI_WFE 0x01
#define HSR_EC_CP15_32 0x03
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |