On Thu, 2023-09-21 at 08:13 +0100, Marc Zyngier wrote:
> On Wed, 20 Sep 2023 20:27:28 +0100,
> Suraj Jitindar Singh <surajjs@xxxxxxxxxx> wrote:
> >
> > From: Quentin Perret <qperret@xxxxxxxxxx>
> >
> > commit 43c1ff8b75011bc3e3e923adf31ba815864a2494 upstream.
> >
> > Memory regions marked as "no-map" in the host device-tree routinely
> > include TrustZone carve-outs and DMA pools. Although donating such pages
> > to the hypervisor may not breach confidentiality, it could be used to
> > corrupt its state in uncontrollable ways. To prevent this, let's block
> > host-initiated memory transitions targeting "no-map" pages altogether in
> > nVHE protected mode as there should be no valid reason to do this in
> > current operation.
> >
> > Thankfully, the pKVM EL2 hypervisor has a full copy of the host's list
> > of memblock regions, so we can easily check for the presence of the
> > MEMBLOCK_NOMAP flag on a region containing pages being donated from the
> > host.
> >
> > Reviewed-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
> > Tested-by: Vincent Donnefort <vdonnefort@xxxxxxxxxx>
> > Signed-off-by: Quentin Perret <qperret@xxxxxxxxxx>
> > Signed-off-by: Will Deacon <will@xxxxxxxxxx>
> > Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> > Link: https://lore.kernel.org/r/20221110190259.26861-8-will@xxxxxxxxxx
> > [ bp: clean ]
>
> What is this?

Noting any details about the backport. In this case it was a clean backport.

> > Signed-off-by: Suraj Jitindar Singh <surajjs@xxxxxxxxxx>
>
> What is the rationale for backporting this? It wasn't tagged as Cc: to
> stable for a reason: pKVM isn't functional upstream, and won't be for
> the next couple of cycles *at least*.
>
> So as it stands, I'm against such a backport.

The 2 patches were backported to address CVE-2023-21264. This one provides
context for the proceeding patch. I wasn't aware that it's non-functional.

Does this mean that the code won't be compiled or just that it can't actually
be run currently from the upstream codebase? I guess I'm trying to understand
if the conditions of the CVE are a real concern even if it isn't technically
functional.

Thanks

> Thanks,
>
> M.
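The NOMAP check the quoted commit message describes, as an added stand-alone C model that is not the kernel's own mem_protect.c code: a constructed, sorted memblock table (the flag value and region layout are assumptions) is searched for the region holding the start of a host-initiated transition, and the transition is refused if no region holds it, the region carries MEMBLOCK_NOMAP, or the range spills past that region.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not kernel code: the flag value and the region
 * table below are assumptions standing in for the hypervisor's copy
 * of the host memblock list (sorted, non-overlapping). */
#define MEMBLOCK_NOMAP 0x4u

struct mem_region {
    uint64_t base;
    uint64_t size;
    unsigned int flags;
};

static const struct mem_region regions[] = {
    { 0x80000000ull, 0x10000000ull, 0 },              /* plain RAM */
    { 0x90000000ull, 0x01000000ull, MEMBLOCK_NOMAP }, /* no-map carve-out */
    { 0x91000000ull, 0x0F000000ull, 0 },              /* plain RAM */
};
#define NR_REGIONS (sizeof(regions) / sizeof(regions[0]))

/* Binary search for the region containing addr; NULL if addr is not RAM. */
static const struct mem_region *find_region(uint64_t addr)
{
    size_t lo = 0, hi = NR_REGIONS;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        const struct mem_region *r = &regions[mid];
        if (addr < r->base)
            hi = mid;
        else if (addr >= r->base + r->size)
            lo = mid + 1;
        else
            return r;
    }
    return NULL;
}

/* A host-initiated transition of [start, end) is allowed only if the whole
 * range lies inside one memblock region and that region is not NOMAP. */
bool range_is_allowed_memory(uint64_t start, uint64_t end)
{
    const struct mem_region *r = end > start ? find_region(start) : NULL;

    if (!r || (r->flags & MEMBLOCK_NOMAP))
        return false;
    return end - 1 < r->base + r->size;   /* reject spill past the region */
}
```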