@smalis-msft smalis-msft commented Sep 15, 2025

This fixes some oversights and edge cases in underhill_mem that were pointed out during an audit of our memory protections code.

  1. We need to remove permissions when unaccepting pages on SNP
  2. We need to completely forbid changing permissions on individual overlay pages to avoid a potential race condition (does not apply to the default permissions case)
  3. We need to be careful around changing the default permissions when pages are locked, since we don't restore default permissions when they're unlocked
  4. Remove a stale comment

Fixes #1021

@smalis-msft smalis-msft requested a review from a team as a code owner September 15, 2025 21:54
@Copilot Copilot AI review requested due to automatic review settings September 15, 2025 21:54
@smalis-msft smalis-msft changed the title WIP: uh_mem: Fix a number of oversights WIP: uh_mem: Fix a number of oversights and edge cases Sep 15, 2025
@smalis-msft smalis-msft added the backport_2505 Change should be backported to the release/2505 branch label Sep 15, 2025
@smalis-msft smalis-msft changed the title WIP: uh_mem: Fix a number of oversights and edge cases WIP: uh_mem: Fix a few oversights and edge cases Sep 15, 2025

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes several security and correctness issues in the underhill_mem memory protection subsystem, addressing edge cases around SNP memory unacceptance, overlay page permissions, and locked page handling.

  • Adds permission revocation before unaccepting pages on SNP to close a security window
  • Prevents permission changes on individual overlay pages to avoid race conditions
  • Refactors locked page checking logic to be more robust

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| openhcl/underhill_mem/src/lib.rs | Main fixes for SNP unacceptance, overlay page validation, and locked page handling logic |
| openhcl/underhill_mem/src/init.rs | Removes outdated comment about HCL Arc usage |

@smalis-msft smalis-msft added the release-ci-required Add to a PR to trigger PR gates in release mode label Sep 16, 2025
@smalis-msft smalis-msft changed the title WIP: uh_mem: Fix a few oversights and edge cases uh_mem: Fix a few oversights and edge cases Sep 18, 2025
@smalis-msft smalis-msft added release-ci-required Add to a PR to trigger PR gates in release mode and removed release-ci-required Add to a PR to trigger PR gates in release mode labels Sep 18, 2025
Development

Successfully merging this pull request may close these issues.

Validate TLB flushes with memory protections