Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3700167ybv; Mon, 10 Feb 2020 04:58:19 -0800 (PST) X-Google-Smtp-Source: APXvYqzLS9j7WnLm2UNrdW18DYKWmxn0MCFMgkb4xU602V0UGU/iVF3kMMVVMqHFNRVWRDt/5ZHV X-Received: by 2002:a05:6830:1615:: with SMTP id g21mr988433otr.49.1581339499298; Mon, 10 Feb 2020 04:58:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581339499; cv=none; d=google.com; s=arc-20160816; b=tE+OzBilfTgzrMhF/wVIG63Nf6psOpsQF7sa/Enw5P1LpsGzzgAEk0owX0lzKPWNUJ Nb1CdxfTiA6asZocFZvZKrBd6O8TnUVu4uKR0zzvvStmKyKy5PnYdntQ81WaPz0taJtb Qe/874o/9raqPi6ramwFZ5n/+JLNq9I1zQDhSSOheOzcC2uxR/Rf0J6woReg1GvAY+xv BprEGeWYyq/mNqAxK+QmUMfx1enYznn+uUvJ2EhTOUuiZIWy0RziEV3w8jvU1CxEZLy2 RtXtDSANc7XPu1YBUA3sH7QopIwCb/OhTRQD0tSpQlRbZyLGWywXs3fSdEEcsKDCVSMD 6xMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+zEwyPTfDVQlvYrVEb3HMWIGLLMkPBVt2yqjXc7FU30=; b=ULTAZoonvxDN2x/colyjI9cpbWeLmkYtQsHq86cesfhqm9SpnAAG9P2wXPtxKcj/k5 T0KMrRad2oR4MmgzsWsn5eQ9zsOIQhGXqTI/skZCi0IUqY29Zd9/QXqkEe2YCqezmR/U e6uUMG+F/6g6L1Qyuox8shPcJU3rgIcbhw9zVUMvmrjU14knnF/XHXQWfkWuxm1mP2uh /ZA0+L8+MsKEjil03qMmRsPlDul7x9cWVvpK/GNEX6D53Lbf/Qd/kKWJeG10uXb9h4oQ WPF1nFNRxfEKxKAy0kLPyBj7y8Y/j3RBl3ycE6lF3qrAzm7eluQ+J9HJntaaSgIaN6Zu QO6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TV6sK0If; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s15si127752oih.252.2020.02.10.04.58.07; Mon, 10 Feb 2020 04:58:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TV6sK0If; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730051AbgBJM5H (ORCPT + 99 others); Mon, 10 Feb 2020 07:57:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:44014 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730012AbgBJMlc (ORCPT ); Mon, 10 Feb 2020 07:41:32 -0500 Received: from localhost (unknown [209.37.97.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 62E7C20842; Mon, 10 Feb 2020 12:41:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581338492; bh=xPjFRomVxdpO+HM2q+A9172l/tUjWzy5wahhYlj59YE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TV6sK0IfZoiiW+f8p37JI9FkIaHhqCqMghBqkti2ctElJ6XqklJrLziWsPAb7ScxL EnzUSBH65HdT69UWImvvGubpXIfTfCkg/UEAn4Npqfmw9HDtgw3nxgsnzHQf11UWA+ VNfv1dBzIbw5sIgJzUQDJGG/YRFfZtuiXFhyvC6w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Erdem Aktas , David Rientjes , Dennis Zhou Subject: [PATCH 5.5 278/367] percpu: Separate decrypted varaibles anytime encryption can be enabled Date: Mon, 10 Feb 2020 04:33:11 -0800 Message-Id: <20200210122449.770564832@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200210122423.695146547@linuxfoundation.org> References: <20200210122423.695146547@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Erdem Aktas commit 264b0d2bee148073c117e7bbbde5be7125a53be1 upstream. CONFIG_VIRTUALIZATION may not be enabled for memory encrypted guests. If disabled, decrypted per-CPU variables may end up sharing the same page with variables that should be left encrypted. Always separate per-CPU variables that should be decrypted into their own page anytime memory encryption can be enabled in the guest rather than rely on any other config option that may not be enabled. Fixes: ac26963a1175 ("percpu: Introduce DEFINE_PER_CPU_DECRYPTED") Cc: stable@vger.kernel.org # 4.15+ Signed-off-by: Erdem Aktas Signed-off-by: David Rientjes Signed-off-by: Dennis Zhou Signed-off-by: Greg Kroah-Hartman --- include/linux/percpu-defs.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/include/linux/percpu-defs.h +++ b/include/linux/percpu-defs.h @@ -175,8 +175,7 @@ * Declaration/definition used for per-CPU variables that should be accessed * as decrypted when memory encryption is enabled in the guest. */ -#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) - +#ifdef CONFIG_AMD_MEM_ENCRYPT #define DECLARE_PER_CPU_DECRYPTED(type, name) \ DECLARE_PER_CPU_SECTION(type, name, "..decrypted")