Message ID | 20180308231731.27881.84826.stgit@tlendack-t1.amdoffice.net (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On 3/8/2018 5:17 PM, Tom Lendacky wrote: > When using device passthrough with SME active, the MMIO range that is > mapped for the device should not be mapped encrypted. Add a check in > set_spte() to insure that a page is not mapped encrypted if that page > is a device MMIO page as indicated by kvm_is_mmio_pfn(). > > Cc: <stable@vger.kernel.org> # 4.14.x- > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Any concerns with this fix? Thanks, Tom > --- > arch/x86/kvm/mmu.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index f551962..763bb3b 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, > else > pte_access &= ~ACC_WRITE_MASK; > > + if (!kvm_is_mmio_pfn(pfn)) > + spte |= shadow_me_mask; > + > spte |= (u64)pfn << PAGE_SHIFT; > - spte |= shadow_me_mask; > > if (pte_access & ACC_WRITE_MASK) { > >
On 09/03/2018 00:17, Tom Lendacky wrote: > When using device passthrough with SME active, the MMIO range that is > mapped for the device should not be mapped encrypted. Add a check in > set_spte() to insure that a page is not mapped encrypted if that page > is a device MMIO page as indicated by kvm_is_mmio_pfn(). > > Cc: <stable@vger.kernel.org> # 4.14.x- > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> > --- > arch/x86/kvm/mmu.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c > index f551962..763bb3b 100644 > --- a/arch/x86/kvm/mmu.c > +++ b/arch/x86/kvm/mmu.c > @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, > else > pte_access &= ~ACC_WRITE_MASK; > > + if (!kvm_is_mmio_pfn(pfn)) > + spte |= shadow_me_mask; > + > spte |= (u64)pfn << PAGE_SHIFT; > - spte |= shadow_me_mask; > > if (pte_access & ACC_WRITE_MASK) { > > No, I'm applying it. Paolo
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index f551962..763bb3b 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, else pte_access &= ~ACC_WRITE_MASK; + if (!kvm_is_mmio_pfn(pfn)) + spte |= shadow_me_mask; + spte |= (u64)pfn << PAGE_SHIFT; - spte |= shadow_me_mask; if (pte_access & ACC_WRITE_MASK) {
When using device passthrough with SME active, the MMIO range that is mapped for the device should not be mapped encrypted. Add a check in set_spte() to insure that a page is not mapped encrypted if that page is a device MMIO page as indicated by kvm_is_mmio_pfn(). Cc: <stable@vger.kernel.org> # 4.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- arch/x86/kvm/mmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)