[Xen-devel] [PATCH v4 0/15] xen: arm: reenable support for 32-bit userspace running in 64-bit guest.
XSA-102/CVE-2014-5147[0] concerned a crash when trapping from 32-bit
userspace in a 64-bit guest. Part of that security patch was c0020e09970
"xen: arm: Handle traps from 32-bit userspace on 64-bit kernel as undef
fix" which turned the exploitable crash into a #undef to the guest (so
as to kill the process but not the host) as a workaround for the issue.
However while this prevented the exploit it did not make 32-bit
userspaces which were prone to triggering the issue actually work.
This series consists of some patches which I originally wrote for
XSA-102 to fix the issue properly before it was determined that those
fixes were too invasive by far for a security update. At the end of the
series is a new patch which removes the XSA-102 workaround since all
problematic traps should now be handled.
Since these were originally intended to be the security fix they have
had a fair bit of scrutiny already in private. However since there is
now a risk of reintroducing XSA-102 I would appreciate a pretty thorough
second pair of eyes on it this time around.
I've tested this with a local utility which tries to access the various
cp and system registers from both 32- and 64-bit processes and checks
that they either work or give the expected traps. Since this tool is
effectively an exploit for XSA-102 I'm not sharing it here, but if you ask
nicely and appear to be wearing the correct colour hat I might share it
with you (it's not terribly impressive, so don't get too excited).
Since last time:
* Handle any unexpected EL0 register traps by injecting #undef not
by crashing since the docs really don't make it clear in all
cases whether these are to be expected or not.
* HSR.EC decoding still does assume e.g. that hvc32 can't
come from a 64-bit guest, so GUEST_BUG_ON remains for
that
* Dropped handling of CLIDR, CCSIDR traps, since we don't actually
request them (two less things to think about in the other
patches)
* No longer pretend to handle set/way operations, these are
incompatible with virtualisation.
* Various knock-on effects from the above, I've retained most of
the ack/review since it was mainly just adjusting the context.
* Reordered a few things, i.e. some prerequisites for a patch
which wanted backporting are now sooner and the switch to
GUEST_BUG_ON is now before reenabling 32-bit userspace.
* Bonus patch to vcpu_show_execution_state which I noticed while
digging around.
Ian.
[0] http://xenbits.xen.org/xsa/advisory-102.html