| From 264b0d2bee148073c117e7bbbde5be7125a53be1 Mon Sep 17 00:00:00 2001 |
| From: Erdem Aktas <erdemaktas@google.com> |
| Date: Fri, 13 Dec 2019 13:31:46 -0800 |
| Subject: percpu: Separate decrypted varaibles anytime encryption can be enabled |
| |
| From: Erdem Aktas <erdemaktas@google.com> |
| |
| commit 264b0d2bee148073c117e7bbbde5be7125a53be1 upstream. |
| |
| CONFIG_VIRTUALIZATION may not be enabled for memory encrypted guests. If |
| disabled, decrypted per-CPU variables may end up sharing the same page |
| with variables that should be left encrypted. |
| |
| Always separate per-CPU variables that should be decrypted into their own |
| page anytime memory encryption can be enabled in the guest rather than |
| rely on any other config option that may not be enabled. |
| |
| Fixes: ac26963a1175 ("percpu: Introduce DEFINE_PER_CPU_DECRYPTED") |
| Cc: stable@vger.kernel.org # 4.15+ |
| Signed-off-by: Erdem Aktas <erdemaktas@google.com> |
| Signed-off-by: David Rientjes <rientjes@google.com> |
| Signed-off-by: Dennis Zhou <dennis@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| include/linux/percpu-defs.h | 3 +-- |
| 1 file changed, 1 insertion(+), 2 deletions(-) |
| |
| --- a/include/linux/percpu-defs.h |
| +++ b/include/linux/percpu-defs.h |
| @@ -176,8 +176,7 @@ |
| * Declaration/definition used for per-CPU variables that should be accessed |
| * as decrypted when memory encryption is enabled in the guest. |
| */ |
| -#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) |
| - |
| +#ifdef CONFIG_AMD_MEM_ENCRYPT |
| #define DECLARE_PER_CPU_DECRYPTED(type, name) \ |
| DECLARE_PER_CPU_SECTION(type, name, "..decrypted") |
| |