| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251221160920.297689-1-aneesh.kumar@kernel.org> Date: Sun, 21 Dec 2025 21:39:16 +0530 From: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org> To: linux-kernel@...r.kernel.org, iommu@...ts.linux.dev, linux-coco@...ts.linux.dev Cc: Catalin Marinas <catalin.marinas@....com>, will@...nel.org, maz@...nel.org, tglx@...utronix.de, robin.murphy@....com, suzuki.poulose@....com, akpm@...ux-foundation.org, jgg@...pe.ca, steven.price@....com, "Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org> Subject: [PATCH v2 0/4] Enforce host page-size alignment for shared buffers Hi all, This patch series addresses alignment requirements for buffers shared between private-memory guests and the host. When running private-memory guests, the guest kernel must apply additional constraints when allocating buffers that are shared with the hypervisor. These shared buffers are also accessed by the host kernel and therefore must be aligned to the host’s page size. Architectures such as Arm can tolerate realm physical address space PFNs being mapped as shared memory, as incorrect accesses are detected and reported as GPC faults. However, relying on this mechanism alone is unsafe and can still lead to kernel crashes. This is particularly likely when guest_memfd allocations are mmapped and accessed from userspace. Once exposed to userspace, it is not possible to guarantee that applications will only access the intended 4K shared region rather than the full 64K page mapped into their address space. Such userspace addresses may also be passed back into the kernel and accessed via the linear map, potentially resulting in a GPC fault and a kernel crash. To address this, the series introduces a new helper, `mem_encrypt_align()`, which allows callers to enforce the required alignment for shared buffers. The series is based on: https://gitlab.arm.com/linux-arm/linux-cca.git cca/topics/cca-tdisp-integration-v2 It includes both arm64 guest and host changes to demonstrate a sample implementation of `mem_encrypt_align()`, with the goal of making the intent and usage clear for review. I also included a fix for direct dma remapped coherent allocations related memory encryption becuse it is also touching the same area. Based on feedback here I will split that as a separate patch and can send that out The series also includes a fix for direct DMA remapped allocations related to memory encryption, as it touches the same code paths. Based on feedback, I can split this fix into a separate patch and send it out independently. Feedback and suggestions are welcome. Changes from v1: * Rename the helper to mem_encrypt_align * Improve the commit message * Handle DMA allocations from contiguous memory * Handle DMA allocations from the pool * swiotlb is still considered unencrypted. Support for an encrypted swiotlb pool is left as TODO and is independent of this series. Aneesh Kumar K.V (Arm) (4): swiotlb: dma: its: Enforce host page-size alignment for shared buffers coco: guest: arm64: Fetch host IPA change alignment via RHI hostconf coco: host: arm64: Handle hostconf RHI calls in kernel dma: direct: set decrypted flag for remapped coherent allocations arch/arm64/include/asm/mem_encrypt.h | 3 ++ arch/arm64/include/asm/rhi.h | 7 ++++ arch/arm64/include/asm/rsi.h | 1 + arch/arm64/kernel/Makefile | 2 +- arch/arm64/kernel/rhi.c | 54 ++++++++++++++++++++++++++++ arch/arm64/kernel/rsi.c | 13 +++++++ arch/arm64/kvm/hypercalls.c | 23 +++++++++++- arch/arm64/kvm/rmi.c | 4 --- arch/arm64/mm/mem_encrypt.c | 14 ++++++++ drivers/irqchip/irq-gic-v3-its.c | 7 ++-- include/linux/mem_encrypt.h | 7 ++++ kernel/dma/contiguous.c | 10 ++++++ kernel/dma/direct.c | 14 +++++--- kernel/dma/pool.c | 6 ++-- kernel/dma/swiotlb.c | 18 ++++++---- 15 files changed, 161 insertions(+), 22 deletions(-) create mode 100644 arch/arm64/kernel/rhi.c -- 2.43.0
Powered by blists - more mailing lists