From 2fa444893063ea0ec14bccf28731aba135f6534a Mon Sep 17 00:00:00 2001 From: Li Fei1 Date: Mon, 24 May 2021 11:25:50 +0800 Subject: [PATCH] dm: mitigate reset attack When a platform reboots or shuts down, the contents of RAM are not immediately lost but begins to decay. During this period, there is a short timeframe during which an attacker can turn the platform back on to boot into a program that dumps the contents of memory (e.g., cold boot attacks). Encryption keys and other secrets can be easily compromised through this method. We already erasing the guest memory data when the guest is shut down normally. However, if the guest is shut down abnormally, the contents of RAM may still there. This patch mitigate this kind reset attack for a DM launched VM by erasing the guest memory data by the guest has been created. Tracked-On: #6061 Signed-off-by: Li Fei1 Acked-by: Wang, Yu1 --- devicemodel/core/vmmapi.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/devicemodel/core/vmmapi.c b/devicemodel/core/vmmapi.c index 9b53ad78c..70f34fe02 100644 --- a/devicemodel/core/vmmapi.c +++ b/devicemodel/core/vmmapi.c @@ -404,6 +404,8 @@ vm_map_memseg_vma(struct vmctx *ctx, size_t len, vm_paddr_t gpa, int vm_setup_memory(struct vmctx *ctx, size_t memsize) { + int ret; + /* * If 'memsize' cannot fit entirely in the 'lowmem' segment then * create another 'highmem' segment above 4GB for the remainder. @@ -418,7 +420,13 @@ vm_setup_memory(struct vmctx *ctx, size_t memsize) ctx->biosmem = high_bios_size(); - return hugetlb_setup_memory(ctx); + ret = hugetlb_setup_memory(ctx); + if (ret == 0) { + /* mitigate reset attack */ + bzero((void *)ctx->baseaddr, ctx->lowmem); + bzero((void *)(ctx->baseaddr + ctx->highmem_gpa_base), ctx->highmem); + } + return ret; } void @@ -439,10 +447,7 @@ vm_unsetup_memory(struct vmctx *ctx) if (!is_rtvm) { bzero((void *)ctx->baseaddr, ctx->lowmem); - if (ctx->highmem > 0) { - bzero((void *)(ctx->baseaddr + ctx->highmem_gpa_base), - ctx->highmem); - } + bzero((void *)(ctx->baseaddr + ctx->highmem_gpa_base), ctx->highmem); } hugetlb_unsetup_memory(ctx);