
PAR_EL1 usage (at handleVMFault) in the kernel leaks info to the vCPU #1212

Open
JorgeMVP opened this issue Mar 2, 2024 · 1 comment
Comments


JorgeMVP commented Mar 2, 2024

AT instructions use PAR_EL1 to read the result of the translation from a VA to a PA.

First problem: The kernel at VMFault uses PAR_EL1 and propagates the result to user space. The problem here is that the kernel overwrites the PAR_EL1 of the guest, so it is required to temporarily save PAR_EL1 for kernel usage. We don't want the vCPU to know what the kernel is doing.

Second problem: Between AT and the PAR_EL1 read, the vCPU execution can be preempted and the result might be invalid; this is a functional problem. To solve this one we need to save and restore PAR_EL1 at vCPU_switch().

Let me know if I overlooked something. Thanks.


Indanz commented Mar 2, 2024

So the first problem is that the vCPU can try things and check PAR_EL1 to see if it caused a fault or not. The information itself that is leaked is already known by the vCPU. This can be easily solved by saving and restoring the current PAR_EL1 in the ats* functions in machine.h (it seems only ats1e1r() is being used currently). Thankfully you can set PAR_EL1 with MSR.

I agree that PAR_EL1 also needs to be saved and restored at vCPU switch, it's currently missing from seL4_VCPUReg. Together with the above fix both problems will be resolved.
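A host-side model of both fixes discussed above, added here as an example; it is not seL4 code and not either commenter's. The register, the toy page map and the addresses are constructed stand-ins for the real `at s1e1r` / `mrs par_el1` / `msr par_el1` instructions, so the save/restore logic can be run on any machine.

```c
#include <stdint.h>
#include <stdbool.h>
/* Host-side model (constructed, not seL4 code) of the state involved: one
 * PAR_EL1 register and a toy stage-1 VA->PA map. The real kernel would use
 * "at s1e1r, <va>", "mrs <r>, par_el1" and "msr par_el1, <r>" inline asm. */
static uint64_t par_el1;            /* modelled PAR_EL1 */
#define PAR_F (1ULL << 0)           /* PAR_EL1.F: the lookup faulted */

/* Toy translation: VAs in [0x1000, 0x2000) map to PA 0x80000000 + VA. */
static void at_s1e1r(uint64_t va) {
    if (va >= 0x1000 && va < 0x2000)
        par_el1 = (0x80000000ULL + va) & ~0xfffULL;   /* PA page, F == 0 */
    else
        par_el1 = PAR_F;
}

/* Fix for problem 1: save PAR_EL1 before AT and restore it afterwards, so
 * the kernel's lookup leaves no trace the guest can observe. The current
 * code is just at_s1e1r() followed by a read of PAR_EL1. */
static uint64_t ats1e1r_fixed(uint64_t va) {
    uint64_t saved = par_el1;       /* mrs saved, par_el1 */
    at_s1e1r(va);
    uint64_t result = par_el1;      /* mrs result, par_el1 */
    par_el1 = saved;                /* msr par_el1, saved */
    return result;
}

/* The kernel handles a VM fault at a mapped VA while PAR_EL1 still holds the
 * result of the guest's own (faulting) lookup. */
static bool guest_par_survives_kernel_at(bool with_fix) {
    at_s1e1r(0x5000);               /* guest's own AT: unmapped, F set */
    uint64_t guest_par = par_el1;
    if (with_fix) ats1e1r_fixed(0x1800);
    else          at_s1e1r(0x1800); /* current code: result left behind */
    return par_el1 == guest_par;
}

/* Fix for problem 2: PAR_EL1 joins the per-vCPU saved context, so a guest
 * preempted between its AT and its PAR_EL1 read still gets its own value. */
typedef struct { uint64_t par_el1; } vcpu_t;
static void vcpu_save(vcpu_t *v)    { v->par_el1 = par_el1; }
static void vcpu_restore(vcpu_t *v) { par_el1 = v->par_el1; }
static bool vcpu_switch_preserves_par(void) {
    vcpu_t a = {0}, b = {0};
    at_s1e1r(0x1800);               /* vCPU A issues AT, then is preempted */
    vcpu_save(&a); vcpu_restore(&b);
    at_s1e1r(0x5000);               /* vCPU B runs its own AT meanwhile */
    vcpu_save(&b); vcpu_restore(&a);
    return par_el1 == 0x80001000ULL; /* A reads back its own result */
}
```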
