On 10.06.21 15:36, Dongjiu Geng wrote:
> In order to be safe, forbid other CPUs to access per-CPU private
> address when it exits from VM.
> 
> Signed-off-by: Dongjiu Geng <[email protected]>
> ---
>  hypervisor/arch/arm64/setup.c | 2 +-
>  hypervisor/arch/arm64/traps.c | 6 ++----
>  2 files changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/hypervisor/arch/arm64/setup.c b/hypervisor/arch/arm64/setup.c
> index 376648e3..82da01ea 100644
> --- a/hypervisor/arch/arm64/setup.c
> +++ b/hypervisor/arch/arm64/setup.c
> @@ -143,7 +143,7 @@ void arch_shutdown_self(struct per_cpu *cpu_data)
>               :: "r" (hypervisor_header.arm_linux_hyp_vectors));
>  
>       /* Return to EL1 */
> -     shutdown_func((struct per_cpu *)paging_hvirt2phys(cpu_data));
> +     shutdown_func((struct per_cpu 
> *)paging_hvirt2phys(per_cpu(this_cpu_id())));
>  }
>  
>  void arch_cpu_restore(unsigned int cpu_id, int return_code)
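
Review bot: in arch_shutdown_self(), the new call no longer uses the cpu_data parameter and instead recomputes per_cpu(this_cpu_id()), so the parameter is now dead. Either drop it from the signature and update the callers, or add a comment explaining why the pointer passed in must not be handed to paging_hvirt2phys(). As posted, the function accepts an argument that it silently ignores.
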
> diff --git a/hypervisor/arch/arm64/traps.c b/hypervisor/arch/arm64/traps.c
> index 488dd7f8..95d8d860 100644
> --- a/hypervisor/arch/arm64/traps.c
> +++ b/hypervisor/arch/arm64/traps.c
> @@ -43,10 +43,8 @@ static enum trap_return handle_hvc(struct trap_context 
> *ctx)
>  
>       regs[0] = hypercall(code, regs[1], regs[2]);
>  
> -     if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0) {
> -             paging_map_all_per_cpu(this_cpu_id(), true);
> -             arch_shutdown_self(per_cpu(this_cpu_id()));
> -     }
> +     if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0)
> +             arch_shutdown_self((struct per_cpu *)LOCAL_CPU_BASE);
>  
>       return TRAP_HANDLED;
>  }
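
Review bot: in handle_hvc(), the call to paging_map_all_per_cpu(this_cpu_id(), true) is removed without the commit message saying why it is safe to drop, while the setup.c side still passes per_cpu(this_cpu_id()) to paging_hvirt2phys(). Please state in the description whether that translation still works without the mapping and how the disable path was tested. The (struct per_cpu *)LOCAL_CPU_BASE argument is also never read by arch_shutdown_self() after the setup.c change, so the cast only obscures that the parameter is unused.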
> 

You are not changing the "shutdown VM" (destroy cell) path but the
"shutdown Jailhouse completely". After that, there is no control of
Jailhouse over data left in memory anyway, including what was in the
hypervisor state. Furthermore, Jailhouse only supports
disabling/shutdown after all non-root cells have been destroyed, thus
when there is nothing to leak anymore.

I strongly recommend that you provide test cases and more precise
descriptions along with change requests. While creating them, you may see
more clearly what actually happens - or help us to better understand what may
actually go wrong so far.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
