9dd7462461
by cherry-picking the relevant commits from launchpad/lunar [0]. (relevant commits are based on k.o/stable commits for this) minimally tested by booting my (ryzen) machine with this kernel and skimming through dmesg after boot. [0] git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/lunar Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Wed, 14 Jun 2023 01:39:41 +0200
Subject: [PATCH] init, x86: Move mem_encrypt_init() into
arch_cpu_finalize_init()
Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and
remove the weak fallback from the core code.
No functional change.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de
(backported from commit 439e17576eb47f26b78c5bbc72e344d4206d2327)
[cascardo: really remove mem_encrypt_init from init/main.c]
CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
(cherry picked from commit 439b49f26bc9ee74a3ac4b356c12d41f68c49cbd)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
arch/x86/include/asm/mem_encrypt.h | 7 ++++---
arch/x86/kernel/cpu/common.c | 11 +++++++++++
init/main.c | 11 -----------
3 files changed, 15 insertions(+), 14 deletions(-)
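--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -51,6 +51,8 @@ void __init mem_encrypt_free_decrypted_mem(void);
 
 void __init sev_es_init_vc_handling(void);
 
+void __init mem_encrypt_init(void);
+
 #define __bss_decrypted __section(".bss..decrypted")
 
 #else /* !CONFIG_AMD_MEM_ENCRYPT */
@@ -82,13 +84,12 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}
 
 static inline void mem_encrypt_free_decrypted_mem(void) { }
 
+static inline void mem_encrypt_init(void) { }
+
 #define __bss_decrypted
 
 #endif /* CONFIG_AMD_MEM_ENCRYPT */
 
-/* Architecture __weak replacement functions */
-void __init mem_encrypt_init(void);
-
 void add_encrypt_protection_map(void);
 
 /*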
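--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -18,6 +18,7 @@
 #include <linux/init.h>
 #include <linux/kprobes.h>
 #include <linux/kgdb.h>
+#include <linux/mem_encrypt.h>
 #include <linux/smp.h>
 #include <linux/cpu.h>
 #include <linux/io.h>
@@ -2412,4 +2413,14 @@ void __init arch_cpu_finalize_init(void)
 } else {
 fpu__init_check_bugs();
 }
+
+ /*
+ * This needs to be called before any devices perform DMA
+ * operations that might use the SWIOTLB bounce buffers. It will
+ * mark the bounce buffers as decrypted so that their usage will
+ * not cause "plain-text" data to be decrypted when accessed. It
+ * must be called after late_time_init() so that Hyper-V x86/x64
+ * hypercalls work when the SWIOTLB bounce buffers are decrypted.
+ */
+ mem_encrypt_init();
 }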
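Review bot: The ordering requirement stated in the new comment above `mem_encrypt_init();` (before any device DMA that may use the SWIOTLB bounce buffers, and after late_time_init()) is not enforced by anything in this hunk; it now depends entirely on where start_kernel() calls arch_cpu_finalize_init(), and that call site is not part of this diff. Since this is a backport with a manual adjustment to init/main.c, the position of that call should be checked in the target tree, because otherwise the comment's guarantee that the bounce buffers are marked decrypted before their first DMA use would not hold. I would add one line to the comment naming the dependency, for example `* The ordering is provided by the arch_cpu_finalize_init() call in start_kernel().` The body of arch_cpu_finalize_init() starts outside the hunk, so the code ahead of the new call could not be reviewed here.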
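--- a/init/main.c
+++ b/init/main.c
@@ -96,7 +96,6 @@
 #include <linux/cache.h>
 #include <linux/rodata_test.h>
 #include <linux/jump_label.h>
-#include <linux/mem_encrypt.h>
 #include <linux/kcsan.h>
 #include <linux/init_syscalls.h>
 #include <linux/stackdepot.h>
@@ -783,8 +782,6 @@ void __init __weak thread_stack_cache_init(void)
 }
 #endif
 
-void __init __weak mem_encrypt_init(void) { }
-
 void __init __weak poking_init(void) { }
 
 void __init __weak pgtable_cache_init(void) { }
@@ -1087,14 +1084,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
 */
 locking_selftest();
 
- /*
- * This needs to be called before any devices perform DMA
- * operations that might use the SWIOTLB bounce buffers. It will
- * mark the bounce buffers as decrypted so that their usage will
- * not cause "plain-text" data to be decrypted when accessed.
- */
- mem_encrypt_init();
-
 #ifdef CONFIG_BLK_DEV_INITRD
 if (initrd_start && !initrd_below_start_ok &&
 page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) {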