| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250811005036.714274-1-sdonthineni@nvidia.com> Date: Sun, 10 Aug 2025 19:50:33 -0500 From: Shanker Donthineni <sdonthineni@...dia.com> To: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Marek Szyprowski <m.szyprowski@...sung.com>, Suzuki K Poulose <suzuki.poulose@....com>, Steven Price <steven.price@....com>, <linux-arm-kernel@...ts.infradead.org> CC: Robin Murphy <robin.murphy@....com>, Gavin Shan <gshan@...hat.com>, "Mike Rapoport" <rppt@...nel.org>, Shanker Donthineni <sdonthineni@...dia.com>, Vikram Sethi <vsethi@...dia.com>, Jason Sequeira <jsequeira@...dia.com>, "Dev Jain" <dev.jain@....com>, David Rientjes <rientjes@...gle.com>, <linux-kernel@...r.kernel.org>, <iommu@...ts.linux.dev> Subject: [RESEND PATCH 0/2] Add encrypt/decrypt support for vmalloc regions This series fixes two related issues in the handling of memory encryption attributes on ARM64 systems with Confidential Compute Architecture (CCA) enabled. Currently, certain code paths assume that the target address for set_memory_encrypted()/set_memory_decrypted() is always part of the linear mapping. This assumption breaks on ARM64 when CONFIG_DMA_DIRECT_REMAP=y or when operating on vmalloc-backed memory regions, leading to incorrect encryption attribute updates and, in some cases, system crashes. Patch 1 addresses an ARM64-specific bug in the DMA atomic pool expansion path, where the wrong virtual address was passed to the memory encryption helpers. On CCA-enabled systems, this resulted in corruption or crashes during pool expansion. Patch 2 extends the ARM64 memory attribute change functions to handle vmalloc and other non-linear mappings correctly. A new helper is introduced to detect such mappings, translate them to physical pages, and update attributes on a per-page basis. This resolves failures and crashes in scenarios such as NVMe device pass-through where vmalloc-backed memory is involved CONFIG_DMA_DIRECT_REMAP=y. Both changes have been tested on an ARM64 CCA-enabled environment with NVMe pass-through feature. Shanker Donthineni (2): dma/pool: Use vmap() address for memory encryption helpers on ARM64 arm64: Add encrypt/decrypt support for vmalloc regions arch/arm64/mm/pageattr.c | 55 +++++++++++++++++++++++++++++++++++----- kernel/dma/pool.c | 8 +++--- 2 files changed, 52 insertions(+), 11 deletions(-) -- 2.25.1
Powered by blists - more mailing lists