Linux Confidential Computing Development
 help / color / mirror / Atom feed
* [PATCH linux-6.12.y v1 0/2] Backporting SEV-SNP CVE-2023-20585 to linux-stable
@ 2026-07-17 10:49 Liam Merwick
  2026-07-17 10:49 ` [PATCH linux-6.12.y v1 1/2] iommu/amd: Use maximum Event log buffer size when SNP is enabled on Family 0x19 Liam Merwick
  2026-07-17 10:49 ` [PATCH linux-6.12.y v1 2/2] iommu/amd: Use maximum PPR " Liam Merwick
  0 siblings, 2 replies; 3+ messages in thread
From: Liam Merwick @ 2026-07-17 10:49 UTC (permalink / raw)
  To: stable
  Cc: vasant.hegde, joerg.roedel, iommu, dheerajkumar.srivastava, bp,
	Michael.Roth, sashal, linux-coco, liam.merwick

Two commits from Linux 7.1-rc3 fix CVE-2023-20585 which affects SEV-SNP.

"Insufficient checks of the RMP on host buffer access in IOMMU may allow an
attacker with privileges and a compromised hypervisor to trigger an out of
bounds condition without RMP checks, resulting in a potential loss of
confidential guest integrity." [1]

These are suitable candidates for stable branches but stable@vger.kernel.org 
wasn't CC'ed at the time. 

1f44aab79bac ("iommu/amd: Use maximum PPR log buffer size when SNP is enabled on Family 0x19") [v7.1-rc3~24^2~2]
58c0ac6125d8 ("iommu/amd: Use maximum Event log buffer size when SNP is enabled on Family 0x19") [v7.1-rc3~24^2~3]

The upstream commits apply cleanly to linux-7.0.y and linux-6.18.y
and an AUTOSEL email[2] was sent (but not pulled so far).
[ The AI analysis in the AUTOSEL patch said that the patches didn't apply
 cleanly to linux-6.18.y but that is not my experience. ]

There are conflicts applying them to linux-6.12.y due to the lack of upstream
AMD IOMMU kdump buffer reuse code, introduced to v6.18 by commit 
f32fe7cb0198 ("iommu/amd: Add support to remap/unmap IOMMU buffers for kdump")
so I have included patches here which address those.

Tested on AMD machines with Zen4 (impacted) and Zen5 (not impacted) CPUs.

[1] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html
[2] https://lore.kernel.org/all/20260520111944.3424570-59-sashal@kernel.org 

Vasant Hegde (2):
  iommu/amd: Use maximum Event log buffer size when SNP is enabled on Family 0x19
  iommu/amd: Use maximum PPR log buffer size when SNP is enabled on Family 0x19

 drivers/iommu/amd/amd_iommu.h       |  3 +
 drivers/iommu/amd/amd_iommu_types.h | 21 ++++---
 drivers/iommu/amd/init.c            | 90 ++++++++++++++++++++++-------
 drivers/iommu/amd/iommu.c           |  2 +-
 drivers/iommu/amd/ppr.c             | 10 ++--
 5 files changed, 92 insertions(+), 34 deletions(-)

-- 
2.52.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-17 10:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-17 10:49 [PATCH linux-6.12.y v1 0/2] Backporting SEV-SNP CVE-2023-20585 to linux-stable Liam Merwick
2026-07-17 10:49 ` [PATCH linux-6.12.y v1 1/2] iommu/amd: Use maximum Event log buffer size when SNP is enabled on Family 0x19 Liam Merwick
2026-07-17 10:49 ` [PATCH linux-6.12.y v1 2/2] iommu/amd: Use maximum PPR " Liam Merwick

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox