On Fri, Mar 20, 2020 at 11:26:42AM +0100, Laurent Dufour wrote: > The Hcall named H_SVM_* are reserved to the Ultravisor. However, nothing > prevent a malicious VM or SVM to call them. This could lead to weird result > and should be filtered out. > > Checking the Secure bit of the calling MSR ensure that the call is coming > from either the Ultravisor or a SVM. But any system call made from a SVM > are going through the Ultravisor, and the Ultravisor should filter out > these malicious call. This way, only the Ultravisor is able to make such a > Hcall. > > Cc: Bharata B Rao <[email protected]> > Cc: Paul Mackerras <[email protected]> > Cc: Benjamin Herrenschmidt <[email protected]> > Cc: Michael Ellerman <[email protected]> > Signed-off-by: Laurent Dufour <[email protected]>
Reviewed-by: Ram Pai <[email protected]> > --- > arch/powerpc/kvm/book3s_hv.c | 32 +++++++++++++++++++++----------- > 1 file changed, 21 insertions(+), 11 deletions(-) >
