| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0-v1-025d64bdf6c4+e-amd_sme_fix_jgg@nvidia.com>
Date: Wed, 28 Oct 2020 15:53:40 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: <linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org>,
"Tom Lendacky" <thomas.lendacky@....com>
CC: Arnd Bergmann <arnd@...db.de>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Borislav Petkov <bp@...en8.de>,
Brijesh Singh <brijesh.singh@....com>,
Jonathan Corbet <corbet@....net>,
Dmitry Vyukov <dvyukov@...gle.com>,
"Dave Young" <dyoung@...hat.com>,
Alexander Potapenko <glider@...gle.com>,
<kasan-dev@...glegroups.com>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
<kvm@...r.kernel.org>, <linux-arch@...r.kernel.org>,
<linux-doc@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-efi@...r.kernel.org>, Andy Lutomirski <luto@...nel.org>,
Larry Woodman <lwoodman@...hat.com>,
Matt Fleming <matt@...eblueprint.co.uk>,
Ingo Molnar <mingo@...nel.org>,
"Michael S. Tsirkin" <mst@...hat.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Rik van Riel <riel@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Toshimitsu Kani <toshi.kani@....com>
Subject: [PATCH rc] mm: always have io_remap_pfn_range() set pgprot_decrypted()
The purpose of io_remap_pfn_range() is to map IO memory, such as a memory
mapped IO exposed through a PCI BAR. IO devices do not understand
encryption, so this memory must always be decrypted. Automatically call
pgprot_decrypted() as part of the generic implementation.
This fixes a bug where enabling AMD SME causes subsystems, such as RDMA,
using io_remap_pfn_range() to expose BAR pages to user space to fail. The
CPU will encrypt access to those BAR pages instead of passing unencrypted
IO directly to the device.
Places not mapping IO should use remap_pfn_range().
Cc: stable@...nel.org
Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
Signed-off-by: Jason Gunthorpe <jgg@...dia.com>
---
include/linux/mm.h | 9 +++++++++
include/linux/pgtable.h | 4 ----
2 files changed, 9 insertions(+), 4 deletions(-)
I have a few other patches after this to remove some now-redundant pgprot_decrypted()
and to update vfio-pci to call io_remap_pfn_range()
diff --git a/include/linux/mm.h b/include/linux/mm.h
index ef360fe70aafcf..db6ae4d3fb4edc 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2759,6 +2759,15 @@ static inline vm_fault_t vmf_insert_page(struct vm_area_struct *vma,
return VM_FAULT_NOPAGE;
}
+#ifndef io_remap_pfn_range
+static inline int io_remap_pfn_range(struct vm_area_struct *vma,
+ unsigned long addr, unsigned long pfn,
+ unsigned long size, pgprot_t prot)
+{
+ return remap_pfn_range(vma, addr, pfn, size, pgprot_decrypted(prot));
+}
+#endif
+
static inline vm_fault_t vmf_error(int err)
{
if (err == -ENOMEM)
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index 38c33eabea8942..71125a4676c4a6 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -1427,10 +1427,6 @@ typedef unsigned int pgtbl_mod_mask;
#endif /* !__ASSEMBLY__ */
-#ifndef io_remap_pfn_range
-#define io_remap_pfn_range remap_pfn_range
-#endif
-
#ifndef has_transparent_hugepage
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
#define has_transparent_hugepage() 1
--
2.28.0
Powered by blists - more mailing lists