Patch "x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-sev-es-allow-copy_from_kernel_nofault-in-earlier.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f19374e16420910ac130ee121f442856fd76ee61
Author: Adam Dunlap <acdunlap@xxxxxxxxxx>
Date:   Mon Sep 11 17:27:02 2023 -0700

    x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
    
    [ Upstream commit f79936545fb122856bd78b189d3c7ee59928c751 ]
    
    Previously, if copy_from_kernel_nofault() was called before
    boot_cpu_data.x86_virt_bits was set up, then it would trigger undefined
    behavior due to a shift by 64.
    
    This ended up causing boot failures in the latest version of ubuntu2204
    in the gcp project when using SEV-SNP.
    
    Specifically, this function is called during an early #VC handler which
    is triggered by a CPUID to check if NX is implemented.
    
    Fixes: 1aa9aa8ee517 ("x86/sev-es: Setup GHCB-based boot #VC handler")
    Suggested-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
    Signed-off-by: Adam Dunlap <acdunlap@xxxxxxxxxx>
    Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
    Tested-by: Jacob Xu <jacobhxu@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230912002703.3924521-2-acdunlap@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/mm/maccess.c b/arch/x86/mm/maccess.c
index 5a53c2cc169cc..6993f026adec9 100644
--- a/arch/x86/mm/maccess.c
+++ b/arch/x86/mm/maccess.c
@@ -9,12 +9,21 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
 	unsigned long vaddr = (unsigned long)unsafe_src;
 
 	/*
-	 * Range covering the highest possible canonical userspace address
-	 * as well as non-canonical address range. For the canonical range
-	 * we also need to include the userspace guard page.
+	 * Do not allow userspace addresses.  This disallows
+	 * normal userspace and the userspace guard page:
 	 */
-	return vaddr >= TASK_SIZE_MAX + PAGE_SIZE &&
-	       __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
+	if (vaddr < TASK_SIZE_MAX + PAGE_SIZE)
+		return false;
+
+	/*
+	 * Allow everything during early boot before 'x86_virt_bits'
+	 * is initialized.  Needed for instruction decoding in early
+	 * exception handlers.
+	 */
+	if (!boot_cpu_data.x86_virt_bits)
+		return true;
+
+	return __is_canonical_address(vaddr, boot_cpu_data.x86_virt_bits);
 }
 #else
 bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux