| From ccec44563b18a0ce90e2d4f332784b3cb25c8e9c Mon Sep 17 00:00:00 2001 |
| From: Paul Mackerras <paulus@samba.org> |
| Date: Sat, 5 Mar 2016 19:34:39 +1100 |
| Subject: KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit |
| |
| From: Paul Mackerras <paulus@samba.org> |
| |
| commit ccec44563b18a0ce90e2d4f332784b3cb25c8e9c upstream. |
| |
| Thomas Huth discovered that a guest could cause a hard hang of a |
| host CPU by setting the Instruction Authority Mask Register (IAMR) |
| to a suitable value. It turns out that this is because when the |
| code was added to context-switch the new special-purpose registers |
| (SPRs) that were added in POWER8, we forgot to add code to ensure |
| that they were restored to a sane value on guest exit. |
| |
| This adds code to set those registers where a bad value could |
| compromise the execution of the host kernel to a suitable neutral |
| value on guest exit. |
| |
| Fixes: b005255e12a3 |
| Reported-by: Thomas Huth <thuth@redhat.com> |
| Reviewed-by: David Gibson <david@gibson.dropbear.id.au> |
| Signed-off-by: Paul Mackerras <paulus@samba.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/powerpc/kvm/book3s_hv_rmhandlers.S | 14 ++++++++++++++ |
| 1 file changed, 14 insertions(+) |
| |
| --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
| +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
| @@ -1370,6 +1370,20 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_207S) |
| std r6, VCPU_ACOP(r9) |
| stw r7, VCPU_GUEST_PID(r9) |
| std r8, VCPU_WORT(r9) |
| + /* |
| + * Restore various registers to 0, where non-zero values |
| + * set by the guest could disrupt the host. |
| + */ |
| + li r0, 0 |
| + mtspr SPRN_IAMR, r0 |
| + mtspr SPRN_CIABR, r0 |
| + mtspr SPRN_DAWRX, r0 |
| + mtspr SPRN_TCSCR, r0 |
| + mtspr SPRN_WORT, r0 |
| + /* Set MMCRS to 1<<31 to freeze and disable the SPMC counters */ |
| + li r0, 1 |
| + sldi r0, r0, 31 |
| + mtspr SPRN_MMCRS, r0 |
| 8: |
| |
| /* Save and reset AMR and UAMOR before turning on the MMU */ |
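Review bot: The comment above `li r0, 0` does not say how the zeroed SPRs were chosen, and the commit message attributes the original bug to exactly this kind of omission when the POWER8 SPRs were first context-switched. Of the three values saved in the visible context lines (ACOP, guest PID, WORT), only WORT is reset here. Whether the other two are sanitized elsewhere cannot be seen from this hunk, so a sentence in the comment saying where they are handled would help. I would also extend the comment with something like `/* Any SPR added to the guest save sequence above must be reset here if a guest-chosen value could affect the host. */`, so the save list and the reset list stay in step. The surrounding exit path starts and ends outside the hunk, and the placement before label `8:` presumably keeps these `mtspr` writes on the POWER8-only path, which is worth confirming.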