Branch: refs/heads/next
Home: https://github.com/siemens/jailhouse
Commit: f64e719b01d6cd526b748742d5e7b96f6749027a
https://github.com/siemens/jailhouse/commit/f64e719b01d6cd526b748742d5e7b96f6749027a
Author: Jan Kiszka <[email protected]>
Date: 2020-01-22 (Wed, 22 Jan 2020)
Changed paths:
M hypervisor/arch/arm-common/mmu_cell.c
M hypervisor/arch/x86/svm.c
M hypervisor/arch/x86/vmx.c
M hypervisor/arch/x86/vtd.c
M hypervisor/include/jailhouse/paging.h
M hypervisor/paging.c
M hypervisor/setup.c
M include/jailhouse/cell-config.h
Log Message:
-----------
core: Introduce JAILHOUSE_MEM_NO_HUGEPAGES memory region flag
This allows to mitigate CVE-2018-12207: On affected Intel machines, a
guest can trigger an unrecoverable machine check exception when running
a certain code pattern on an executable huge page. The suggested
mitigation pattern of Intel involves on-demand break-up of huge pages
when the guest tries to execute on them and also consolidating them into
non-executable huge pages dynamically. This pattern is not compatible
with the static and deterministic behavior of Jailhouse.
Therefore, this introduces a memory region flag to exclude huge page
mappings for a region. System configurators can use this flag for
executable regions on affected CPUs, while still allowing huge pages for
non-executable regions.
Signed-off-by: Jan Kiszka <[email protected]>
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/siemens/jailhouse/push/refs/heads/next/3954ce-f64e71%40github.com.
