Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 04:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0f34d11234
linux-stable/arch/x86
History
Michael Kelley 0f34d11234 x86/hyperv: Make encrypted/decrypted changes safe for load_unaligned_zeropad() 
In a CoCo VM, when transitioning memory from encrypted to decrypted, or
vice versa, the caller of set_memory_encrypted() or set_memory_decrypted()
is responsible for ensuring the memory isn't in use and isn't referenced
while the transition is in progress.  The transition has multiple steps,
and the memory is in an inconsistent state until all steps are complete.
A reference while the state is inconsistent could result in an exception
that can't be cleanly fixed up.

However, the kernel load_unaligned_zeropad() mechanism could cause a stray
reference that can't be prevented by the caller of set_memory_encrypted()
or set_memory_decrypted(), so there's specific code to handle this case.
But a CoCo VM running on Hyper-V may be configured to run with a paravisor,
with the #VC or #VE exception routed to the paravisor. There's no
architectural way to forward the exceptions back to the guest kernel, and
in such a case, the load_unaligned_zeropad() specific code doesn't work.

To avoid this problem, mark pages as "not present" while a transition
is in progress. If load_unaligned_zeropad() causes a stray reference, a
normal page fault is generated instead of #VC or #VE, and the
page-fault-based fixup handlers for load_unaligned_zeropad() resolve the
reference. When the encrypted/decrypted transition is complete, mark the
pages as "present" again.

Signed-off-by: Michael Kelley <mhklinux@outlook.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Link: https://lore.kernel.org/r/20240116022008.1023398-4-mhklinux@outlook.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Message-ID: <20240116022008.1023398-4-mhklinux@outlook.com>
2024-03-01 08:31:42 +00:00
..
boot x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section 2024-02-05 10:24:51 +00:00
coco - Add support managing TDX host hardware 2024-01-18 13:41:48 -08:00
configs hardening updates for v6.7-rc1 2023-10-30 19:09:55 -10:00
crypto This update includes the following changes: 2024-01-10 12:23:43 -08:00
entry x86/entry_32: Add VERW just before userspace transition 2024-02-19 16:31:46 -08:00
events Performance events changes for v6.8 are: 2024-01-08 19:37:20 -08:00
hyperv x86/hyperv: Make encrypted/decrypted changes safe for load_unaligned_zeropad() 2024-03-01 08:31:42 +00:00
ia32
include x86/mm: Regularize set_memory_p() parameters and make non-static 2024-03-01 08:31:41 +00:00
kernel x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key 2024-02-19 16:31:49 -08:00
kvm KVM/VMX: Move VERW closer to VMentry for MDS mitigation 2024-02-19 16:31:59 -08:00
lib x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups 2024-01-29 11:40:41 +01:00
math-emu x86/fpu: Include asm/fpu/regset.h 2023-05-18 11:56:18 -07:00
mm x86/mm: Regularize set_memory_p() parameters and make non-static 2024-03-01 08:31:41 +00:00
net Networking changes for 6.8. 2024-01-11 10:07:29 -08:00
pci pci-v6.8-changes 2024-01-17 16:23:17 -08:00
platform x86/cleanups changes for v6.8: 2024-01-08 17:23:32 -08:00
power x86/topology: Remove CPU0 hotplug option 2023-05-15 13:44:49 +02:00
purgatory x86/purgatory: Remove LTO flags 2023-09-17 09:49:03 +02:00
ras
realmode x86/cleanups changes for v6.8: 2024-01-08 17:23:32 -08:00
tools x86/build changes for v6.8: 2024-01-08 17:22:02 -08:00
um This pull request contains the following changes for UML: 2024-01-17 10:44:34 -08:00
video fbdev: Replace fb_pgprotect() with pgprot_framebuffer() 2023-10-12 09:20:46 +02:00
virt x86/mce: Differentiate real hardware #MCs from TDX erratum ones 2023-12-12 08:46:46 -08:00
xen x86/xen: Add some null pointer checking to smp.c 2024-02-12 20:14:52 +01:00
.gitignore
Kbuild
Kconfig IOMMU Updates for Linux v6.8 2024-01-18 15:16:57 -08:00
Kconfig.assembler x86/shstk: Add Kconfig option for shadow stack 2023-07-11 14:12:18 -07:00
Kconfig.cpu x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 2024-02-09 16:28:19 +01:00
Kconfig.debug docs: move x86 documentation into Documentation/arch/ 2023-03-30 12:58:51 -06:00
Makefile kbuild: use 4-space indentation when followed by conditionals 2024-02-15 06:05:44 +09:00
Makefile_32.cpu
Makefile.postlink kbuild: remove ARCH_POSTLINK from module builds 2023-10-28 21:10:08 +09:00
Makefile.um um: Only disable SSE on clang to work around old GCC bugs 2023-04-04 09:57:05 +02:00