lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251222144646.1426256-1-vkuznets@redhat.com>
Date: Mon, 22 Dec 2025 15:46:46 +0100
From: Vitaly Kuznetsov <vkuznets@...hat.com>
To: Theodore Ts'o <tytso@....edu>,
	"Jason A . Donenfeld" <Jason@...c4.com>
Cc: Ingo Molnar <mingo@...nel.org>,
	Kiryl Shutsemau <kas@...nel.org>,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	Pradipta Banerjee <prbanerj@...hat.com>,
	Frank Liang <xiliang@...hat.com>,
	Alexander Graf <graf@...zon.com>
Subject: [PATCH] vmgenid: Remap memory as decrypted

It was found that AWS SEV-SNP enabled instances are not able to boot with
commit 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as
encrypted by default") applied and the reason seems to be the vmgenid
device which requires unencrypted writeable memory.

A similar problem was previously fixed in DRM with commit
7dfede7d7edd ("drm/vmwgfx: Fix guests running with TDX/SEV").

Note, trusting vmgenid device in a Confidential VM is questionable: the
malicious host may intentionally avoid notifying the guest when a copy is
created.

Fixes: 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default")
Signed-off-by: Vitaly Kuznetsov <vkuznets@...hat.com>
---
 drivers/virt/vmgenid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/virt/vmgenid.c b/drivers/virt/vmgenid.c
index 66135eac3abf..2cf0096aa217 100644
--- a/drivers/virt/vmgenid.c
+++ b/drivers/virt/vmgenid.c
@@ -75,7 +75,8 @@ static int vmgenid_add_acpi(struct device *dev, struct vmgenid_state *state)
 	phys_addr = (obj->package.elements[0].integer.value << 0) |
 		    (obj->package.elements[1].integer.value << 32);
 
-	virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB);
+	virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE,
+				  MEMREMAP_WB | MEMREMAP_DEC);
 	if (IS_ERR(virt_addr)) {
 		ret = PTR_ERR(virt_addr);
 		goto out;
-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ