vmm's vm_set_register() should be more careful #1921

Open
markjdb opened this issue Nov 14, 2023 · 0 comments
Contributor

markjdb commented Nov 14, 2023

Right now, bhyve can use an ioctl to set the guest's PC to any address, with bounds inherited from the GVA root capability. This should be reworked to ensure that existing bounds are respected. In particular, I think vmm should do the following:

  1. During guest creation, initialize each vcpu's nextpc to a copy of the GVA root cap.
  2. Require the caller of VM_SET_REGISTER to provide an untagged capability which can be derived from the current nextpc value. This should be enough to let bhyve set nextpc before initial execution of guest code.
  3. Optionally provide a mechanism to override this restriction, following, e.g., security.cheri.ptrace_caps.

markjdb self-assigned this Nov 14, 2023
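
A simplified C model of the three steps proposed in the comment above, added here as an illustration and not code from vmm or from the issue author. `cap_model`, `vcpu_model`, `set_nextpc` and `override_allowed` are hypothetical names; "derivable" is assumed to mean bounds within the authority's bounds and permissions a subset of its permissions, and the override is assumed to fall back to the GVA root bounds.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model of a capability; not the CHERI encoding. */
struct cap_model {
    uint64_t base, top;   /* covers [base, top) */
    uint64_t addr;        /* cursor, i.e. the would-be guest PC */
    uint32_t perms;       /* permission bits */
    bool tag;             /* validity tag */
};
struct vcpu_model { struct cap_model root, nextpc; };
/* Hypothetical override knob, in the spirit of security.cheri.ptrace_caps. */
static bool override_allowed = false;

/* Step 1: at guest creation, nextpc starts as a copy of the GVA root cap. */
static void vcpu_init(struct vcpu_model *v, const struct cap_model *gva_root)
{
    v->root = v->nextpc = *gva_root;
}

/* True if req could be derived from auth: bounds inside, no added perms. */
static bool derivable(const struct cap_model *auth, const struct cap_model *req)
{
    return auth->tag && req->base <= req->top && req->base >= auth->base &&
        req->top <= auth->top && (req->perms & ~auth->perms) == 0;
}

/* Step 2: accept only an untagged request derivable from the current nextpc.
 * Step 3 (assumed semantics): the override falls back to the GVA root. */
static int set_nextpc(struct vcpu_model *v, const struct cap_model *req)
{
    const struct cap_model *auth = override_allowed ? &v->root : &v->nextpc;
    if (req->tag || !derivable(auth, req))
        return -1;
    v->nextpc = *req;
    v->nextpc.tag = true;   /* the model re-tags under auth's authority */
    return 0;
}

int main(void)
{
    struct cap_model root = { 0x1000, 0x9000, 0x1000, 0x7, true };  /* constructed */
    struct cap_model narrow = { 0x2000, 0x3000, 0x2000, 0x5, false };
    struct cap_model wide = { 0x1000, 0x9000, 0x1000, 0x7, false };
    struct vcpu_model v;
    vcpu_init(&v, &root);
    /* Narrowing succeeds; widening back to the root bounds is refused. */
    return set_nextpc(&v, &narrow) == 0 && set_nextpc(&v, &wide) == -1 ? 0 : 1;
}
```

Because each accepted request replaces nextpc, the check is monotonic in this model: once the bounds have been narrowed, only the override can restore anything wider.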