Branch: refs/heads/next
Home: https://github.com/siemens/jailhouse
Commit: c4024b68d0d17f6cf6d55a0b61845511ed19e6f7
https://github.com/siemens/jailhouse/commit/c4024b68d0d17f6cf6d55a0b61845511ed19e6f7
Author: Jan Kiszka <[email protected]>
Date: 2020-01-19 (Sun, 19 Jan 2020)
Changed paths:
M tools/root-cell-config.c.tmpl
Log Message:
-----------
tools: config-create: Adjust template to latest changes
This was forgotten in 3fac413f0647.
Signed-off-by: Jan Kiszka <[email protected]>
Commit: a6d8decf371dc5560a335ab9c03781e3f2387dcc
https://github.com/siemens/jailhouse/commit/a6d8decf371dc5560a335ab9c03781e3f2387dcc
Author: Jan Kiszka <[email protected]>
Date: 2020-01-21 (Tue, 21 Jan 2020)
Changed paths:
M hypervisor/arch/arm-common/mmu_cell.c
M hypervisor/arch/x86/svm.c
M hypervisor/arch/x86/vmx.c
M hypervisor/arch/x86/vtd.c
M hypervisor/include/jailhouse/paging.h
M hypervisor/paging.c
Log Message:
-----------
core: paging: Refactor paging_create/destroy parameters
Change the coherent enum into paging_flags in order to allow adding more
in the future. Rename the flags parameter to access_flags for better
differentiation.
Use this chance to align the names and types of local vars that are
forwarded to access_flags with that parameter.
No behavioral changes.
Signed-off-by: Jan Kiszka <[email protected]>
Commit: 3954ce65fbfdfabeab6bc12073a9f81928508176
https://github.com/siemens/jailhouse/commit/3954ce65fbfdfabeab6bc12073a9f81928508176
Author: Jan Kiszka <[email protected]>
Date: 2020-01-21 (Tue, 21 Jan 2020)
Changed paths:
M hypervisor/arch/arm-common/mmu_cell.c
M hypervisor/arch/x86/svm.c
M hypervisor/arch/x86/vmx.c
M hypervisor/arch/x86/vtd.c
M hypervisor/include/jailhouse/paging.h
M hypervisor/paging.c
M hypervisor/setup.c
M include/jailhouse/cell-config.h
Log Message:
-----------
core: Introduce JAILHOUSE_MEM_NO_HUGEPAGES memory region flag
This allows to mitigate CVE-2018-12207: On affected Intel machines, a
guest can trigger an unrecoverable machine check exception when running
a certain code pattern on an executable huge page. The suggested
mitigation pattern of Intel involves on-demand break-up of huge pages
when the guest tries to execute on them and also consolidating them into
non-executable huge pages dynamically. This pattern is not compatible
with the static and deterministic behavior of Jailhouse.
Therefore, this introduces a memory region flag to exclude huge page
mappings for a region. System configurators can use this flag for
executable regions on affected CPUs, while still allowing huge pages for
non-executable regions.
Signed-off-by: Jan Kiszka <[email protected]>
Compare:
https://github.com/siemens/jailhouse/compare/f2706433efea...3954ce65fbfd
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/siemens/jailhouse/push/refs/heads/next/f27064-3954ce%40github.com.
