Message-ID: <174646405074.406.11902047835715348370.tip-bot2@tip-bot2>
Date: Mon, 05 May 2025 16:54:10 -0000
From: "tip-bot2 for Ard Biesheuvel" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Ard Biesheuvel <ardb@...nel.org>, Ingo Molnar <mingo@...nel.org>,
 "Borislav Petkov (AMD)" <bp@...en8.de>, Arnd Bergmann <arnd@...db.de>,
 David Woodhouse <dwmw@...zon.co.uk>,
 Dionna Amalie Glaze <dionnaglaze@...gle.com>,
 "H. Peter Anvin" <hpa@...or.com>, Kees Cook <keescook@...omium.org>,
 Kevin Loughlin <kevinloughlin@...gle.com>, Len Brown <len.brown@...el.com>,
 Linus Torvalds <torvalds@...ux-foundation.org>,
 "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
 Tom Lendacky <thomas.lendacky@....com>, linux-efi@...r.kernel.org,
 x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: x86/boot] x86/boot: Provide __pti_set_user_pgtbl() to startup code

The following commit has been merged into the x86/boot branch of tip:

Commit-ID:     f92d3fe32874e83986b9edc330ccc9bc9faaa92a
Gitweb:        https://git.kernel.org/tip/f92d3fe32874e83986b9edc330ccc9bc9faaa92a
Author:        Ard Biesheuvel <ardb@...nel.org>
AuthorDate:    Sun, 04 May 2025 11:52:45 +02:00
Committer:     Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Mon, 05 May 2025 18:48:58 +02:00

x86/boot: Provide __pti_set_user_pgtbl() to startup code

The SME encryption startup code populates page tables using the ordinary
set_pXX() helpers, and in a PTI build, these will call out to
__pti_set_user_pgtbl() to manipulate the shadow copy of the page tables
for user space.

This is unneeded for the startup code, which only manipulates the
swapper page tables, and so this call could be avoided in this
particular case. So instead of exposing the ordinary
__pti_set_user_pgtbl() to the startup code after it gets confined into
its own symbol space, provide an alternative which just returns pgd,
which is always correct in the startup context.

Annotate it as __weak for now, this will be dropped in a subsequent
patch.

Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: David Woodhouse <dwmw@...zon.co.uk>
Cc: Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Kees Cook <keescook@...omium.org>
Cc: Kevin Loughlin <kevinloughlin@...gle.com>
Cc: Len Brown <len.brown@...el.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Rafael J. Wysocki <rafael.j.wysocki@...el.com>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: linux-efi@...r.kernel.org
Link: https://lore.kernel.org/r/20250504095230.2932860-40-ardb+git@google.com
---
 arch/x86/boot/startup/sme.c |  9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/x86/boot/startup/sme.c b/arch/x86/boot/startup/sme.c
index 5738b31..753cd20 100644
--- a/arch/x86/boot/startup/sme.c
+++ b/arch/x86/boot/startup/sme.c
@@ -564,3 +564,12 @@ void __head sme_enable(struct boot_params *bp)
 	cc_vendor	= CC_VENDOR_AMD;
 	cc_set_mask(me_mask);
 }
+
+#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
+/* Local version for startup code, which never operates on user page tables */
+__weak
+pgd_t __pti_set_user_pgtbl(pgd_t *pgdp, pgd_t pgd)
+{
+	return pgd;
+}
+#endif
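
Review bot: The comment above the `__weak` definition of `__pti_set_user_pgtbl()` states the invariant (startup code never operates on user page tables) but not that the `__weak` annotation is temporary, which only the commit message records. While the ordinary `__pti_set_user_pgtbl()` is still visible to the linker, a strong definition would take precedence over this one, so the stub returning `pgd` only becomes the version the set_pXX() helpers reach once the startup code is confined to its own symbol space; a short remark to that effect in the comment would keep the intent readable from the source alone. It may also be worth confirming whether the stub needs the `__head` annotation that `sme_enable()` just above it carries.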
