Re: [EXTERNAL] [PATCH 2/4] arm/arm64: Reject hypercalls with wrong immediate code

2018-03-05 Thread Jan Kiszka
On 2018-03-05 16:31, Nikhil Devshatwar wrote:
> On Monday 05 March 2018 12:21 PM, Jan Kiszka wrote:
>> From: Jan Kiszka 
>>
>> Jailhouse only supports hypercalls with the immediate code 0x4a48. Avoid
>> interpreting calls with other codes as ours.
>>
>> Signed-off-by: Jan Kiszka 
>> ---
>>   hypervisor/arch/arm/traps.c  | 3 +++
>>   hypervisor/arch/arm64/traps.c    | 3 +++
>>   include/arch/arm/asm/jailhouse_hypercall.h   | 2 ++
>>   include/arch/arm64/asm/jailhouse_hypercall.h | 2 ++
>>   4 files changed, 10 insertions(+)
>>
>> diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
>> index f75a3b00..15f736fc 100644
>> --- a/hypervisor/arch/arm/traps.c
>> +++ b/hypervisor/arch/arm/traps.c
>> @@ -263,6 +263,9 @@ static int arch_handle_hvc(struct trap_context *ctx)
>>   unsigned long *regs = ctx->regs;
>>   unsigned long code = regs[0];
>>   +    if (HSR_ISS(ctx->hsr) != JAILHOUSE_HVC_CODE)
>> +    return TRAP_FORBIDDEN;
>> +
>>   regs[0] = hypercall(code, regs[1], regs[2]);
>>     if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0)
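
Review bot: The new test in arch_handle_hvc() compares the whole HSR_ISS() value against JAILHOUSE_HVC_CODE, but for an HVC trap only ISS[15:0] carries the immediate and the bits above it are reserved. HSR_ISS() is not defined in this hunk; if it returns the full ISS field, consider masking to the low 16 bits before the comparison so the check does not rely on reserved bits reading as zero.
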
>> diff --git a/hypervisor/arch/arm64/traps.c
>> b/hypervisor/arch/arm64/traps.c
>> index cd309233..0c4a498d 100644
>> --- a/hypervisor/arch/arm64/traps.c
>> +++ b/hypervisor/arch/arm64/traps.c
>> @@ -51,6 +51,9 @@ static int handle_hvc(struct trap_context *ctx)
>>   unsigned long *regs = ctx->regs;
>>   unsigned long code = regs[0];
>>   +    if (ESR_ISS(ctx->esr) != JAILHOUSE_HVC_CODE)
>> +    return TRAP_FORBIDDEN;
>> +
>>   regs[0] = hypercall(code, regs[1], regs[2]);
>>     if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0)
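
Review bot: In handle_hvc() the early "return TRAP_FORBIDDEN;" leaves regs[0] untouched, so a caller that used a different immediate gets no result code in x0, and what it observes depends on how the trap dispatcher treats TRAP_FORBIDDEN, which this hunk does not show. A short comment above the check stating what the guest sees in that case would help; the same applies to the arm variant.
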
>> diff --git a/include/arch/arm/asm/jailhouse_hypercall.h
>> b/include/arch/arm/asm/jailhouse_hypercall.h
>> index 8baec784..e4eca625 100644
>> --- a/include/arch/arm/asm/jailhouse_hypercall.h
>> +++ b/include/arch/arm/asm/jailhouse_hypercall.h
>> @@ -36,6 +36,8 @@
>>    * THE POSSIBILITY OF SUCH DAMAGE.
>>    */
>>   +#define JAILHOUSE_HVC_CODE    0x4a48
>> +
>>   #define JAILHOUSE_CALL_INS    ".arch_extension virt\n\t" \
>>   "hvc #0x4a48"
> Might as well use the stringify to reuse the new #define

Yes, but then we need to consistently include the right headers to have
that define in all environments (hypervisor, Linux, inmates). I was
playing with this but then felt better to not add this requirement.

Jan

>>   #define JAILHOUSE_CALL_NUM_RESULT    "r0"
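
Review bot: After this hunk 0x4a48 appears twice in the arm header, once in JAILHOUSE_HVC_CODE and once inside the JAILHOUSE_CALL_INS string, with nothing tying the two together. If stringifying the define is not wanted because of the header dependencies, a comment next to JAILHOUSE_CALL_INS saying the immediate must match JAILHOUSE_HVC_CODE would keep them from drifting apart.
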
>> diff --git a/include/arch/arm64/asm/jailhouse_hypercall.h
>> b/include/arch/arm64/asm/jailhouse_hypercall.h
>> index d9a9f693..86ce6716 100644
>> --- a/include/arch/arm64/asm/jailhouse_hypercall.h
>> +++ b/include/arch/arm64/asm/jailhouse_hypercall.h
>> @@ -36,6 +36,8 @@
>>    * THE POSSIBILITY OF SUCH DAMAGE.
>>    */
>>   +#define JAILHOUSE_HVC_CODE    0x4a48
>> +
>>   #define JAILHOUSE_CALL_INS    "hvc #0x4a48"
> Same as above
>>   #define JAILHOUSE_CALL_NUM_RESULT    "x0"
>>   #define JAILHOUSE_CALL_ARG1    "x1"
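
Review bot: The arm64 header now defines the same JAILHOUSE_HVC_CODE value as the arm header, so the code lives in four places across the two files (two defines, two "hvc #0x4a48" strings). A one-line comment on each define noting that the value is shared with the other architecture's header would make a future change harder to apply to only one of them.
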
> Nikhil D

-- 
You received this message because you are subscribed to the Google Groups 
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jailhouse-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
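
The check and the stringify idea discussed above, as an added example that is not code from the Jailhouse tree. Only the value 0x4a48 comes from the patch; every EX_/ex_ name is hypothetical, and unlike the patch this version masks the immediate to ISS[15:0] instead of comparing the full ISS field.

```c
#include <stdint.h>
#include <string.h>

/* 0x4a48 is the value from the patch; all EX_/ex_ names are hypothetical. */
#define JAILHOUSE_HVC_CODE 0x4a48

/* Two-level stringify: the inner macro quotes the already-expanded value.
 * This only works while the define stays a bare literal (no parentheses). */
#define EX_STR_(x) #x
#define EX_STR(x)  EX_STR_(x)
#define EX_CALL_INS "hvc #" EX_STR(JAILHOUSE_HVC_CODE)

/* Syndrome register layout (HSR / ESR_EL2): EC in [31:26], ISS in [24:0]. */
#define EX_EC(syn)      (((syn) >> 26) & 0x3fu)
#define EX_ISS(syn)     ((syn) & 0x1ffffffu)
#define EX_EC_HVC32     0x12u	/* HVC executed in AArch32 state */
#define EX_EC_HVC64     0x16u	/* HVC executed in AArch64 state */
#define EX_HVC_IMM(syn) (EX_ISS(syn) & 0xffffu)	/* imm16 sits in ISS[15:0] */

enum ex_verdict { EX_NOT_HVC, EX_FORBIDDEN, EX_DISPATCH };

/* Only an HVC carrying our immediate may reach the hypercall dispatcher. */
static enum ex_verdict ex_classify(uint32_t syn)
{
	uint32_t ec = EX_EC(syn);

	if (ec != EX_EC_HVC32 && ec != EX_EC_HVC64)
		return EX_NOT_HVC;
	if (EX_HVC_IMM(syn) != JAILHOUSE_HVC_CODE)
		return EX_FORBIDDEN;
	return EX_DISPATCH;
}

/* Build a constructed syndrome value: EC, IL bit set, imm16 in the ISS. */
static uint32_t ex_make_syndrome(uint32_t ec, uint32_t imm16)
{
	return (ec << 26) | (1u << 25) | (imm16 & 0xffffu);
}

/* The derived instruction text equals the hand-written string in the header. */
static int ex_call_ins_matches(void)
{
	return strcmp(EX_CALL_INS, "hvc #0x4a48") == 0;
}

int main(void)
{
	return (ex_classify(ex_make_syndrome(EX_EC_HVC64, 0x4a48)) == EX_DISPATCH &&
		ex_classify(ex_make_syndrome(EX_EC_HVC64, 0x1)) == EX_FORBIDDEN &&
		ex_call_ins_matches()) ? 0 : 1;
}
```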


Re: [EXTERNAL] [PATCH 2/4] arm/arm64: Reject hypercalls with wrong immediate code

2018-03-05 Thread 'Nikhil Devshatwar' via Jailhouse

On Monday 05 March 2018 12:21 PM, Jan Kiszka wrote:

From: Jan Kiszka 

Jailhouse only supports hypercalls with the immediate code 0x4a48. Avoid
interpreting calls with other codes as ours.

Signed-off-by: Jan Kiszka 
---
  hypervisor/arch/arm/traps.c  | 3 +++
  hypervisor/arch/arm64/traps.c| 3 +++
  include/arch/arm/asm/jailhouse_hypercall.h   | 2 ++
  include/arch/arm64/asm/jailhouse_hypercall.h | 2 ++
  4 files changed, 10 insertions(+)

diff --git a/hypervisor/arch/arm/traps.c b/hypervisor/arch/arm/traps.c
index f75a3b00..15f736fc 100644
--- a/hypervisor/arch/arm/traps.c
+++ b/hypervisor/arch/arm/traps.c
@@ -263,6 +263,9 @@ static int arch_handle_hvc(struct trap_context *ctx)
unsigned long *regs = ctx->regs;
unsigned long code = regs[0];
  
+	if (HSR_ISS(ctx->hsr) != JAILHOUSE_HVC_CODE)

+   return TRAP_FORBIDDEN;
+
regs[0] = hypercall(code, regs[1], regs[2]);
  
  	if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0)

diff --git a/hypervisor/arch/arm64/traps.c b/hypervisor/arch/arm64/traps.c
index cd309233..0c4a498d 100644
--- a/hypervisor/arch/arm64/traps.c
+++ b/hypervisor/arch/arm64/traps.c
@@ -51,6 +51,9 @@ static int handle_hvc(struct trap_context *ctx)
unsigned long *regs = ctx->regs;
unsigned long code = regs[0];
  
+	if (ESR_ISS(ctx->esr) != JAILHOUSE_HVC_CODE)

+   return TRAP_FORBIDDEN;
+
regs[0] = hypercall(code, regs[1], regs[2]);
  
  	if (code == JAILHOUSE_HC_DISABLE && regs[0] == 0)

diff --git a/include/arch/arm/asm/jailhouse_hypercall.h 
b/include/arch/arm/asm/jailhouse_hypercall.h
index 8baec784..e4eca625 100644
--- a/include/arch/arm/asm/jailhouse_hypercall.h
+++ b/include/arch/arm/asm/jailhouse_hypercall.h
@@ -36,6 +36,8 @@
   * THE POSSIBILITY OF SUCH DAMAGE.
   */
  
+#define JAILHOUSE_HVC_CODE		0x4a48

+
  #define JAILHOUSE_CALL_INS".arch_extension virt\n\t" \
"hvc #0x4a48"

Might as well use the stringify to reuse the new #define

  #define JAILHOUSE_CALL_NUM_RESULT "r0"
diff --git a/include/arch/arm64/asm/jailhouse_hypercall.h 
b/include/arch/arm64/asm/jailhouse_hypercall.h
index d9a9f693..86ce6716 100644
--- a/include/arch/arm64/asm/jailhouse_hypercall.h
+++ b/include/arch/arm64/asm/jailhouse_hypercall.h
@@ -36,6 +36,8 @@
   * THE POSSIBILITY OF SUCH DAMAGE.
   */
  
+#define JAILHOUSE_HVC_CODE		0x4a48

+
  #define JAILHOUSE_CALL_INS"hvc #0x4a48"

Same as above

  #define JAILHOUSE_CALL_NUM_RESULT "x0"
  #define JAILHOUSE_CALL_ARG1   "x1"

Nikhil D
