lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <yq5a4iozjlce.fsf@kernel.org>
Date: Tue, 06 Jan 2026 12:09:45 +0530
From: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
To: Jason Gunthorpe <jgg@...pe.ca>
Cc: linux-kernel@...r.kernel.org, iommu@...ts.linux.dev,
	linux-coco@...ts.linux.dev,
	Catalin Marinas <catalin.marinas@....com>, will@...nel.org,
	maz@...nel.org, tglx@...utronix.de, robin.murphy@....com,
	suzuki.poulose@....com, akpm@...ux-foundation.org,
	steven.price@....com
Subject: Re: [PATCH v2 0/4] Enforce host page-size alignment for shared buffers

Jason Gunthorpe <jgg@...pe.ca> writes:

> On Sun, Dec 21, 2025 at 09:39:16PM +0530, Aneesh Kumar K.V (Arm) wrote:
>> Hi all,
>> 
>> This patch series addresses alignment requirements for buffers shared between
>> private-memory guests and the host.
>> 
>> When running private-memory guests, the guest kernel must apply additional
>> constraints when allocating buffers that are shared with the hypervisor. These
>> shared buffers are also accessed by the host kernel and therefore must be
>> aligned to the host’s page size.
>> 
>> Architectures such as Arm can tolerate realm physical address space PFNs being
>> mapped as shared memory, as incorrect accesses are detected and reported as GPC
>> faults. However, relying on this mechanism alone is unsafe and can still lead to
>> kernel crashes.
>> 
>> This is particularly likely when guest_memfd allocations are mmapped and
>> accessed from userspace. Once exposed to userspace, it is not possible to
>> guarantee that applications will only access the intended 4K shared region
>> rather than the full 64K page mapped into their address space. Such userspace
>> addresses may also be passed back into the kernel and accessed via the linear
>> map, potentially resulting in a GPC fault and a kernel crash.
>> 
>> To address this, the series introduces a new helper, `mem_encrypt_align()`,
>> which allows callers to enforce the required alignment for shared buffers.
>
> This explanation makes sense, but to maybe bottom line the requirement
> to something very simple..
>
>  In ARM64 the guest shared/private granule size must be >= the
>  hypervisor PAGE_SIZE, which may be larger than the VM's natural
>  PAGE_SIZE.
>
> Meaning we have to go through an change all the places doing
> shared/private stuff to work on a shared/private granual size. I think
> this is not just alignment, but allocation size as well?
>

That is correct. I updated the commit message to

These shared buffers are also accessed by the host kernel and therefore
must be aligned to the host’s page size, and have a size that is a
multiple of the host page size.

-aneesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ