Branch: refs/heads/wip/cve-2018-12207
Home: https://github.com/siemens/jailhouse
Commit: 60f9803fbf64a50d997ca0cb426ccbb7a4d582ee
https://github.com/siemens/jailhouse/commit/60f9803fbf64a50d997ca0cb426ccbb7a4d582ee
Author: Jan Kiszka <[email protected]>
Date: 2019-11-13 (Wed, 13 Nov 2019)
Changed paths:
M hypervisor/arch/arm-common/mmu_cell.c
M hypervisor/arch/x86/svm.c
M hypervisor/arch/x86/vmx.c
M hypervisor/arch/x86/vtd.c
M hypervisor/include/jailhouse/paging.h
M hypervisor/paging.c
Log Message:
-----------
core: paging: Refactor paging_create/destroy parameters

Change the coherent enum into paging_flags in order to allow adding more
in the future. Rename the flags parameter to access_flags for better
differentiation.

Use this chance to align the names and types of local vars that are
forwarded to access_flags with that parameter.

No behavioral changes.

Signed-off-by: Jan Kiszka <[email protected]>
Commit: e5d7aab4b55bd9f4a1bdd9ee9892823810fd20aa
https://github.com/siemens/jailhouse/commit/e5d7aab4b55bd9f4a1bdd9ee9892823810fd20aa
Author: Jan Kiszka <[email protected]>
Date: 2019-11-13 (Wed, 13 Nov 2019)
Changed paths:
M hypervisor/arch/arm-common/mmu_cell.c
M hypervisor/arch/x86/svm.c
M hypervisor/arch/x86/vmx.c
M hypervisor/arch/x86/vtd.c
M hypervisor/include/jailhouse/paging.h
M hypervisor/paging.c
M hypervisor/setup.c
M include/jailhouse/cell-config.h
Log Message:
-----------
core: Introduce JAILHOUSE_MEM_NO_HUGEPAGES memory region flag

This allows mitigating CVE-2018-12207: On affected Intel machines, a
guest can trigger an unrecoverable machine check exception when running
a certain code pattern on an executable huge page. The suggested
mitigation pattern of Intel involved on-demand break-up of huge pages
when the guest tries to execute on them and also consolidating them into
non-executable huge pages dynamically. This pattern is not compatible
with the static and deterministic behavior of Jailhouse.

Therefore, this introduces a memory region flag to exclude huge page
mappings for a region. System configurators can use this flag for
executable regions on affected CPUs, while still allowing huge pages for
non-executable regions.

Signed-off-by: Jan Kiszka <[email protected]>
Compare:
https://github.com/siemens/jailhouse/compare/60f9803fbf64%5E...e5d7aab4b55b
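A configuration audit for the flag described in the second commit, as an added example that is not part of the Jailhouse sources or of this commit: it reports executable regions that could still receive a huge-page mapping because they lack the opt-out. The `ex_` names, the struct layout, the flag bit values, the 2 MiB huge-page size and the alignment rule are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in flag bits: the values are assumptions made for this example,
 * not copied from include/jailhouse/cell-config.h. */
#define EX_MEM_EXECUTE      0x0004u
#define EX_MEM_NO_HUGEPAGES 0x0100u
#define EX_HUGE_2M          (2ull << 20)

/* Hypothetical mirror of one memory region entry of a cell config. */
struct ex_region {
	uint64_t phys_start, virt_start, size;
	uint32_t flags;
};

/* A 2 MiB mapping is possible when phys and virt share the same offset
 * within 2 MiB and one full, aligned 2 MiB block fits into the region. */
static int ex_huge_page_possible(const struct ex_region *r)
{
	uint64_t mask = EX_HUGE_2M - 1;
	uint64_t first = (r->virt_start + mask) & ~mask;
	if ((r->phys_start & mask) != (r->virt_start & mask))
		return 0;
	return first + EX_HUGE_2M <= r->virt_start + r->size;
}

/* Executable, huge-page capable and not opted out via the new flag. */
static int ex_region_exposed(const struct ex_region *r)
{
	return (r->flags & EX_MEM_EXECUTE) &&
	       !(r->flags & EX_MEM_NO_HUGEPAGES) && ex_huge_page_possible(r);
}

/* Constructed sample regions; all addresses and sizes are made up. */
static const struct ex_region ex_sample[] = {
	{ 0x40000000, 0x00000000, 0x400000, EX_MEM_EXECUTE },
	{ 0x40400000, 0x00400000, 0x400000, EX_MEM_EXECUTE | EX_MEM_NO_HUGEPAGES },
	{ 0x40800000, 0x00800000, 0x800000, 0 },              /* not executable */
	{ 0x41000000, 0x01001000, 0x400000, EX_MEM_EXECUTE }, /* offsets differ */
	{ 0x401ff000, 0x021ff000, 0x201000, EX_MEM_EXECUTE }, /* unaligned start */
};

int main(void)
{
	for (unsigned i = 0; i < sizeof(ex_sample) / sizeof(ex_sample[0]); i++)
		printf("region %u: %s\n", i, ex_region_exposed(&ex_sample[i]) ?
		       "executable, may get huge pages" : "ok");
	return 0;
}
```

The last sample region shows why size alone is not a sufficient check: its start is not 2 MiB aligned, yet one aligned 2 MiB block still fits inside it.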