kernel/protocols: Document possible attack in core_pvalidate_one()

The writable_phys_addr() check in core_pvalidate_one() leaves a window open for the described attack. This can not be removed before Linux and OVMF are fixed, but leave a comment so that it is not forgotten. Signed-off-by: Joerg Roedel <[email protected]>
coconut-svsm · Apr 22, 2024 · 361e498 · 361e498
1 parent d162b9d
commit 361e498
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/kernel/src/protocols/core.rs b/kernel/src/protocols/core.rs
@@ -296,6 +296,9 @@ fn core_pvalidate_one(entry: u64, flush: &mut bool) -> Result<(), SvsmReqError>
         // down the #NPF loops.
         //
         if writable_phys_addr(paddr) {
+            // FIXME: This check leaves a window open for the attack described
+            // above. Remove the check once OVMF and Linux have been fixed and
+            // no longer try to pvalidate MMIO memory.
             zero_mem_region(vaddr, vaddr + page_size_bytes);
         } else {
             log::warn!("Not clearing possible read-only page at PA {:#x}", paddr);