From patchwork Thu Feb 16 15:47:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9577555 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B4D1D60244 for ; Thu, 16 Feb 2017 15:47:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A5FBA2861B for ; Thu, 16 Feb 2017 15:47:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9925A2861F; Thu, 16 Feb 2017 15:47:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EBDBC2861B for ; Thu, 16 Feb 2017 15:47:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932873AbdBPPr0 (ORCPT ); Thu, 16 Feb 2017 10:47:26 -0500 Received: from mail-sn1nam01on0047.outbound.protection.outlook.com ([104.47.32.47]:29533 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932571AbdBPPrU (ORCPT ); Thu, 16 Feb 2017 10:47:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UpjzX8okfSvVmyqHJL68Gl3ocHSbNRkMj9knHh2ifDk=; b=4iwDVtBjoAi7TGPIQhZMfoc+VrAd8Ize5hr2xURB59mrSIviSyeBHB7EQE5N/SkVv4rUalpTOMvpSgszj0iyWftLiXBaPm/6UQumxAYBJ4QjHt1vNXEMYoWtAqjHV99jpQ8ZdcSRyeJ4NZdZ4uERm5gjp6j9oy4QXtk6THR+7XU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by BN6PR12MB1137.namprd12.prod.outlook.com (10.168.226.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Thu, 16 Feb 2017 15:47:14 +0000 From: Tom Lendacky Subject: [RFC PATCH v4 23/28] x86/kvm: Enable Secure Memory Encryption of nested page tables To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov Date: Thu, 16 Feb 2017 09:47:11 -0600 Message-ID: <20170216154711.19244.36719.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY1PR20CA0056.namprd20.prod.outlook.com (10.163.250.24) To BN6PR12MB1137.namprd12.prod.outlook.com (10.168.226.139) X-MS-Office365-Filtering-Correlation-Id: b69fd7f7-6be5-491d-f3e0-08d4568315b2 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:BN6PR12MB1137; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1137; 3:U7TfFHngrTuUhgl7rQi8NpTwd3f34ZeHs/Vv1ra8KFTaRg2lBymCYcgcOtFjPfSP7g4RxIi2VvjAXs6pSP1/ke+Bg6KiqY1vVJ+0PaObDv59YbAafmp500fkRiXULmFogEVLrU89VoAI5oS4LTnuJAb8W3JBvWZ3dhsvmsKXGNWo2H57WUiqnQsA0huzmFomBZ4PL3+b3oG3FRI1Sk/5+mMr1kG1ME4fv6gNg3PHgzI4AaRGbecS3/2k8giAaMTqH6DYDZzFsKw76483OJEJOuijyEQam5ZD7A3IhJFG+IY=; 25:wrOBHj8j77ZQqE8PaqDCGdBZTmHzHuuO0G9tZCOD/1vtnCvlKQmCVcJX+WmQ8Z/GrV/Ck/t6AoV1yZ/pNe71SVXCd/uCv1wsVWXaHjPIiSrNFN9lHsaPROLsX7coGAWBLM+jwCCxqmxDfO7L+cJytqaOmaI8yQcN5cX2x/R0pI4iZ+CkpCo5L9YtR1bqtUgLFXq2irXgprY2FSZa4DI2GBTQ6oDAmavpP5XOY4S/BOI80WyEcqCVw5LoG12Gh4tQQDs9CPJX12OgbX0JtPL7Kx5aYD2xEFHhGtIgyncZqeWOsfLFwxEZi3Y9l+jV6WFC5XVJqj/FCudQ7+ZQRBBDp7yCPbilNv8feKWYfneLzP8dSD3Dzi7pzMTAq7p+qN3CRSzUSTDYPl89oRScdRdmGVDmop2pSUZ7ANIbI2mhCKYNSXydJ5CIKmrKyU8R4nQpMMVSVi0qBMidKQOLhoMSdA== X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1137; 31:EKqsLeXniNIKCMquil6EKGGOGpadzZ5Exul07NvRsyZMZYWSTFsWeS4gAl6S50flfmmUTbi4+s2aNIru66xM1PcoyzH1Ao1XSDWWn4VBcvQujE6cLegubjtkqt/Uuc95w3qSIC9Qq0Q+AgbDjHB2SbJETqTG9EOH7KVanEwDBMzxU5+7uKS8efVU2ERzaMBbynixI2CQjljVZAIC4+FaMsYoi8L6z9WsTedYgi0BrtM=; 20:s6QDc465XZ0tiQRKYiDYc5PlQxIf3qDWx7b6vQFF7k/QhrqDTGjmpXVXgabbDCGmSzKNKXkl8cC4Yvu5D8twzngKgq0sUsZpXrsu++PLLF8euHpWWZOM61U8Xasbisfq7tBR1/fx9gM4uG2EWfUClIdND/vUaSWrV7h38wj8BxNSERbi/WKDcEx/P23Un+2YPjs4ktzv1ijrU48SeUfth1lBMgvzHE0WQAOxAtLKJ8Ov9Ipoa71zPJGbXpPQLO5Mp8X7zuJnduYACAvBHSQ6bMHIFg64FirZJWebEyzf1uk2mnJ+L6J3BTMpNvPx5s6wU2cfUgYNLShpFV/00WpbPaisSTwA/8S6N3cIljP0qnraoLZvWR7SR4oagOuf65PZvRRleFejXNvrzhkzavhR4tnNeJkI2R5i540qDyIeOhdY6TbJspMJSJqGAuTmgEQkF0+n3d3fAtuRDcCxqBFEUebV/i1AC5xL8g3cWE1uoGSNx6D+J2boELTLlWHYhE9t X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123558025)(20161123564025)(20161123560025)(20161123562025)(6072148); SRVR:BN6PR12MB1137; BCL:0; PCL:0; RULEID:; SRVR:BN6PR12MB1137; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1137; 4:OPRd53Y4qVrT2ZpUuMn5qvEXvyldGeOYz9DjkSzf/kEI4jtcLOOP8zkxqr4voIlpgYV/VCcTxWvOBChX2DAW7I5wb7lNkhoOA9z1O7lgr5UBWnfO7C4tVJo7tdhVRULvX1VTMLNPXmhaAQcyDmSA56SeMxsRcOB2YbQ+hxz2rz9L5Q5EHR4bJNZkyxtNrP9Sa2FwiSDlDVA0zHmvHPAwMp+CleG9Hn/zKdQt84HnNHhFUVfG01RdJ4A1K/HcCa38pUa89u13V+8L5Jjnc2rUsYoMxUGSfJVq5YPFhzVfo31uO1+1XhAhICeHx1VGlxKkjAPJXe3ythf4pqLzXr7tryllRqaYn8PEvSprXWmye1d7lA8QHslKojYFDOr5IXxMWiQ6WEqlwARgptaet2vGheg1eQIGMCnZMoALtBaGR1OAshf0+t3LxY8OOKKSX0jd1QcPVm046MO1lkg8XWXVHnR2/vb4xlZbV60EC2kqKsLbv9yFwA5ay14sZT4cfyLWGDS/5BB9UJdZLa0UR0pN3bvzZvEDeVRXVGDeOptlGWSfVBvhs7uJhG+gnsTl53WXWtuzsDpqjIi84vd6ovkNL5N9YmeRQ2s1KKOE7iZStVL8YOh0mmAj6yVXlR2JeGnqB+A2bqz+jwEU86u8p0YV6f4yMatInLGMwEKBkIT4duc= X-Forefront-PRVS: 0220D4B98D X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(7916002)(39450400003)(39860400002)(39840400002)(39850400002)(39410400002)(199003)(189002)(5660300001)(4326007)(2906002)(38730400002)(69596002)(6116002)(7416002)(389900003)(1076002)(9686003)(3846002)(68736007)(4001350100001)(76176999)(6506006)(50986999)(97736004)(54356999)(6666003)(106356001)(81166006)(54906002)(33646002)(81156014)(8676002)(103116003)(92566002)(53936002)(105586002)(2201001)(50466002)(42186005)(55016002)(86362001)(7736002)(2950100002)(101416001)(83506001)(47776003)(23676002)(97746001)(189998001)(66066001)(305945005)(230700001)(53416004)(25786008)(71626007)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR12MB1137; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM3OzIzOjFIdmV5TkxHVkVkeTU1QU1CdjZEcmhzV1Er?= =?utf-8?B?ZW1majdpL3VrSXorTnB0QW41LzhpZWd0aUcxWE9QNFc2dHdBOVB6L2NSczlw?= =?utf-8?B?YmdlZ0hQczdSR05QWFl2NThmcENtdjRqZ0R0cFpYaVZBZnNUbkQxQkV6MnFP?= =?utf-8?B?RWlrelFPZDhPdTltT0o5ZlZRNENleUx6bDMrQk1lc3VNY0MweENYZjJJeWJ2?= =?utf-8?B?OEZtbndRVHltQWJ4MGt2ODQ0ZWVZc1BtVmFZeEd3aFBqUXhNTXk0QjAvd1RF?= =?utf-8?B?eTllTVZlVk13WjdHSTlkeG40RGFwV0VZOWZEWU5Gb2MvZ0JPaEd6OW03NGxR?= =?utf-8?B?eERQeTN4a0FCMGRnVXA1ZzhZNWc1RlFraWNPd1VXVTNJVURNNHE1a0xtZzJQ?= =?utf-8?B?b2pXeWtTczhWNWNhbkYwZ0ZZMDVMdTB5N1BCWGFsc25XS24yRUJialdDTkYw?= =?utf-8?B?VjdyZWlaV1p6Q0tvT3BRNFYwR0dUTm4wRG5SbDFlaCtlZ0NHMjVMOGdVKzY5?= =?utf-8?B?NVl4RmhybkxmZWZVYkJ0NXUvZHp4R0V6WVJHL0xkR2ZkRHdEZ2xSOXVzMkNq?= =?utf-8?B?MnZtNncvZDVIZjAyN25YNWQ0cXZ5cXNqMExIb1R4WWdsR01IMmF0V0lwaFRa?= =?utf-8?B?RG1VQVJnQ3JpRi9RdWpvZ1lpa21reXNlNXA1Zloxc1BvT3V1YUpnUG1nbERO?= =?utf-8?B?U28xbnRZdGtJYlRmSGo4c2lUSjNGeCtWLzNWUi9TTXg3T0xWRUduaUpOaXRR?= =?utf-8?B?czd2QmhGb0F6bW5ZYmlCazJndmZnUFJBaWh3d2JYQi9nVHNOTlRYak5NTjFu?= =?utf-8?B?TTFzazR5Sko3RFJ3eHJlZkt4QlVDOGtzSDhGSTc2RGN3Rm10OWxaNExUQ2lG?= =?utf-8?B?WU5EV2dKOVBNMGovMjdCeTJYeUVuWCtaTUlSQmk2VWNhS0M2WU1YcWNVVzBR?= =?utf-8?B?eGpRd3MrdTlkUGRuR2oreDd6T1BMYy9xb3FPdWduanIzemloWTlmNlhvMUx4?= =?utf-8?B?QVlXQnJ2TFhCYzB4V2c3bWtZS0V5UDRCUWludk42eTJ4Q0twZGNJUFkxbFZi?= =?utf-8?B?aDJjalF5MXZUdlpvdlE3Sk9UZjlYbDFZYTF3ZURhTGY3ZGJydGRiTjlKbFU2?= =?utf-8?B?Z1NCSFpMajJOU2JVN0xxTFVYMk9SdkRvY1pXcVA3Sm1mTzJjZTdvVGtLL1Rx?= =?utf-8?B?VFVJTXdWZUNqMFkvVFo0MjRxcTlRQmhoZHIydzJOcHdDUnd1THg2ckVkNmM2?= =?utf-8?B?OGRVU2JoZDZ6UlZFVmo5VFZRTFJSaDFoMGdqMFo5SHRpVXM2aURXRUw4cCtU?= =?utf-8?B?VTltNEdQRXdYYXBqK0x1Q1RpN212a2VNbFZkMnBrWHZHdGdMcjlRQ3hhMmE1?= =?utf-8?B?TC90QnhpaUM0eDFlSDF3UEgwd3VKWjB3MUJVYmhKZHkvWlBxd0ZEZG5BSGpX?= =?utf-8?B?NVRNbm01OHgwY0Y0T0dQYkEzb1BRNVhRSkdhZ21IVTAwYTByUlJYR1Bvd2tW?= =?utf-8?B?Yk9PUGdjU3ZrajlmOGVjOWNCUkFISTFlZGdoSXpnWWd6UWN5d2J2L0JWT1Fn?= =?utf-8?B?UFpWTU1WcUZ4cEJvMkVPVzN2Y0JpclJ4NC85RG1YMmk4cFBnMmNjeHUzdXJV?= =?utf-8?B?RVN3VWN0Zzk2aGwwLzRJODYyaUErVmpPZVFlVFNCeWlZODV6NjdLcXR0bXlS?= =?utf-8?B?aml3NW53aXZkd2FxUW9ZUEgwMUdBakNGRk44VjIwUExQc2NaeE1PS2FVS1NE?= =?utf-8?B?YjFvR3kvWDRndkhRamI0bUY0Y29MTEZ4Y2t2eGk5K2pEY3cveC80V2xhVHVO?= =?utf-8?B?WGxsZit0bW9Gd2xPR2p0bDRxUmhuT1ZBTGl1S3FZWHd2RmFGOC81Q044YUdj?= =?utf-8?B?RmpWR3FFT0dGeU8zN0tuaUhoYjl0QXFjRm9KdXRLMm1acU4vZkFURVpRazJD?= =?utf-8?B?T25hZndjQUdnPT0=?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1137; 6:EmxBstXNDoVv9ksDYHlVSj7eg0FnIJPZNbDBvKiqL+Pcq/6UiTnl/37mqRE0nWI3lRXwI1OG69zm30iXS47Ywavj0X3DsPOgqBdznn+/TFHeq5Ra8PUv5heYhXqB/7cXzIn1hV1LhLPnuNuIWPoDW4+e8AwmgR382MfJPUdPcK+x1NiTP8nsmZgqDHbBiaQXoqrEGU37MzEnDIIlAmdtqPe8jriPTI5x1OG4VJzQZlu/mZEBUeaYn+i8YH0DdKbN+Yd/9Au3A6LhdQAKcCjNZRerzH+itasS+7Aq3sw62zASsRCEHME+/Op7emn3sOxPGOH6pfR1wIFCTn1EstiFi31qh+Nhb7Lr95N9ttN3WakCQgW9VmA3u80eCep/Hd/Jb8TjCDHGn2v3HfulsCCoeSSscLz7Q7UJByMj58pQlhs=; 5:nMOp1DUw1tW909vRABDGit91N9opekdZCgrT5UsqaNGPJEDoaQoYGy7egvwJQeLSNazEpCeWCteM/mKvmG1lTRwG7uIkOk7kJClYpm4iUXNXmoAbR2KC+KmqHGgQjS5CdcJI5YA4kI0eryFS4glziw==; 24:SUq6CKeGhrH/bc5eDO9i6yWVsRUuT/1Z7/sd6o8SBUYc3xtu9DAKFZKUBlC8qvLX+x1XCKhlcQxM2hIG85A5z7IEpaSy4GOFCk1MgREW6Ig= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1137; 7:0lyPuIe6UnMDvXlz1yzp+YYwxvKQdAIOl3BvOAcsIG14nhb7eqSn/vNgZNsJMhSd0FgG7JXkkT4ZT+hcSzZZC4gnbt3QU3lkEPhUoYub12OynvwkIBINa6mhAikjIY5xTVny4RwZMflpMaLWzQwgJWkgd7oR9LPlSPKGe7P2hfcg3OIBK2Bm/N9TwOm9k06J5rkLAy9PEhO3c3oCvM1jqgB4/DpVUNbAPRkqhMlLwNzxAsWMRVPovcp8V2m+0u9fD/Qfxd0BglkPthmHsziuNvTmHlEVW/Z5wYfhkMrtakoBzYYTRFBLHIKziQxVALELqE1jms5pCX5ToHsatRNReg==; 20:gCPrMDcxDdEuyS/ZK+heJa13ecvAgd6WWJmGrs57hQUrVGZ9P2FcyPpy0fEN1r0kO0NoSmrwTG7unAcu4B9PhfgNpLtDt007617UzjKaCksSbF34+qf75uMQeq5IjyqK88hbL4ezp/zImvOmPbYdb7Nt/bVdUzGVMyuHvo1gTL04DIvIBup51gK0V1TUrJdq/PUwhs7yKlTi68NGqdZ8+oK1ybxw8aO4OjENARMPeo9nXd+r1nKjmGRJ2D2F/2iM X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Feb 2017 15:47:14.2711 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1137 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Update the KVM support to include the memory encryption mask when creating and using nested page tables. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 3 ++- arch/x86/kvm/mmu.c | 8 ++++++-- arch/x86/kvm/vmx.c | 3 ++- arch/x86/kvm/x86.c | 3 ++- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index a7066dc..37326b5 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1050,7 +1050,8 @@ struct kvm_arch_async_pf { void kvm_mmu_init_vm(struct kvm *kvm); void kvm_mmu_uninit_vm(struct kvm *kvm); void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, - u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask); + u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask, + u64 me_mask); void kvm_mmu_reset_context(struct kvm_vcpu *vcpu); void kvm_mmu_slot_remove_write_access(struct kvm *kvm, diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index d8d235b..46f246c 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -123,7 +123,7 @@ enum { * PT32_LEVEL_BITS))) - 1)) #define PT64_PERM_MASK (PT_PRESENT_MASK | PT_WRITABLE_MASK | shadow_user_mask \ - | shadow_x_mask | shadow_nx_mask) + | shadow_x_mask | shadow_nx_mask | shadow_me_mask) #define ACC_EXEC_MASK 1 #define ACC_WRITE_MASK PT_WRITABLE_MASK @@ -178,6 +178,7 @@ struct kvm_shadow_walk_iterator { static u64 __read_mostly shadow_dirty_mask; static u64 __read_mostly shadow_mmio_mask; static u64 __read_mostly shadow_present_mask; +static u64 __read_mostly shadow_me_mask; static void mmu_spte_set(u64 *sptep, u64 spte); static void mmu_free_roots(struct kvm_vcpu *vcpu); @@ -285,7 +286,8 @@ static bool check_mmio_spte(struct kvm_vcpu *vcpu, u64 spte) } void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, - u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask) + u64 dirty_mask, u64 nx_mask, u64 x_mask, u64 p_mask, + u64 me_mask) { shadow_user_mask = user_mask; shadow_accessed_mask = accessed_mask; @@ -293,6 +295,7 @@ void kvm_mmu_set_mask_ptes(u64 user_mask, u64 accessed_mask, shadow_nx_mask = nx_mask; shadow_x_mask = x_mask; shadow_present_mask = p_mask; + shadow_me_mask = me_mask; } EXPORT_SYMBOL_GPL(kvm_mmu_set_mask_ptes); @@ -2546,6 +2549,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, pte_access &= ~ACC_WRITE_MASK; spte |= (u64)pfn << PAGE_SHIFT; + spte |= shadow_me_mask; if (pte_access & ACC_WRITE_MASK) { diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index a236dec..fac3c27 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -6703,7 +6703,8 @@ static __init int hardware_setup(void) (enable_ept_ad_bits) ? VMX_EPT_DIRTY_BIT : 0ull, 0ull, VMX_EPT_EXECUTABLE_MASK, cpu_has_vmx_ept_execute_only() ? - 0ull : VMX_EPT_READABLE_MASK); + 0ull : VMX_EPT_READABLE_MASK, + 0ull); ept_set_mmio_spte_mask(); kvm_enable_tdp(); } else diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a719783..9e6a593 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -67,6 +67,7 @@ #include #include #include +#include #define CREATE_TRACE_POINTS #include "trace.h" @@ -6027,7 +6028,7 @@ int kvm_arch_init(void *opaque) kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK, PT_DIRTY_MASK, PT64_NX_MASK, 0, - PT_PRESENT_MASK); + PT_PRESENT_MASK, sme_me_mask); kvm_timer_init(); perf_register_guest_info_callbacks(&kvm_guest_cbs);