Xen project Mailing List

[Xen-changelog] [xen stable-4.4] xen/arm: Don't expose implementation defined registers (Cp15 c15) to the guest

Date: Fri, 02 May 2014 05:44:45 +0000

Delivery-date: Fri, 02 May 2014 05:45:00 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 8f416fc2669769a72783e13072547f8b2d071065 Author: Julien Grall <julien.grall@xxxxxxxxxx> AuthorDate: Tue Apr 15 12:45:28 2014 +0100 Commit: Ian Campbell <ian.campbell@xxxxxxxxxx> CommitDate: Wed Apr 23 10:37:03 2014 +0100 xen/arm: Don't expose implementation defined registers (Cp15 c15) to the guest On Cortex-A15, CP15 c15 contains registers to retrieve data from L1/L2 RAM. Exposing this registers to guest may result to leak data from Xen and/or another guest. By default trap every registers and inject an undefined instruction. This is CVE-2014-2915 / XSA-93. Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- xen/arch/arm/traps.c | 3 +++ xen/include/asm-arm/cpregs.h | 2 ++ xen/include/asm-arm/processor.h | 3 +++ 3 files changed, 8 insertions(+), 0 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 5d156f3..d5ff70d 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -74,6 +74,9 @@ void __cpuinit init_traps(void) /* Setup Hyp vector base */ WRITE_SYSREG((vaddr_t)hyp_traps_vector, VBAR_EL2); + /* Trap CP15 c15 used for implementation defined registers */ + WRITE_SYSREG(HSTR_T(15), HSTR_EL2); + /* Trap all coprocessor registers (0-13) except cp10 and cp11 for VFP * /!\ All processors except cp10 and cp11 cannot be used in Xen */ diff --git a/xen/include/asm-arm/cpregs.h b/xen/include/asm-arm/cpregs.h index 2b411af..e9a8094 100644 --- a/xen/include/asm-arm/cpregs.h +++ b/xen/include/asm-arm/cpregs.h @@ -116,6 +116,7 @@ #define HSCTLR p15,4,c1,c0,0 /* Hyp. System Control Register */ #define HCR p15,4,c1,c1,0 /* Hyp. Configuration Register */ #define HCPTR p15,4,c1,c1,2 /* Hyp. Coprocessor Trap Register */ +#define HSTR p15,4,c1,c1,3 /* Hyp. System Trap Register */ /* CP15 CR2: Translation Table Base and Control Registers */ #define TTBCR p15,0,c2,c0,2 /* Translatation Table Base Control Register */ @@ -270,6 +271,7 @@ #define FAR_EL2 HIFAR #define HCR_EL2 HCR #define HPFAR_EL2 HPFAR +#define HSTR_EL2 HSTR #define ID_AFR0_EL1 ID_AFR0 #define ID_DFR0_EL1 ID_DFR0 #define ID_ISAR0_EL1 ID_ISAR0 diff --git a/xen/include/asm-arm/processor.h b/xen/include/asm-arm/processor.h index 02cefe9..750864a 100644 --- a/xen/include/asm-arm/processor.h +++ b/xen/include/asm-arm/processor.h @@ -89,6 +89,9 @@ #define HCPTR_CP(x) ((_AC(1,U)<<(x))) /* Trap Coprocessor x */ #define HCPTR_CP_MASK ((_AC(1,U)<<14)-1) +/* HSTR Hyp. System Trap Register */ +#define HSTR_T(x) ((_AC(1,U)<<(x))) /* Trap Cp15 c<x> */ + #define HSR_EC_UNKNOWN 0x00 #define HSR_EC_WFI_WFE 0x01 #define HSR_EC_CP15_32 0x03 -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.4 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.