linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] KVM: x86: Fix device passthrough when SME is active
@ 2018-03-08 23:17 Tom Lendacky
  2018-03-16  4:03 ` Tom Lendacky
  2018-03-16 12:29 ` Paolo Bonzini
  0 siblings, 2 replies; 3+ messages in thread
From: Tom Lendacky @ 2018-03-08 23:17 UTC (permalink / raw)
  To: x86, linux-kernel, kvm
  Cc: Brijesh Singh, Radim Krčmář,
	Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
	Paolo Bonzini, Thomas Gleixner

When using device passthrough with SME active, the MMIO range that is
mapped for the device should not be mapped encrypted.  Add a check in
set_spte() to insure that a page is not mapped encrypted if that page
is a device MMIO page as indicated by kvm_is_mmio_pfn().

Cc: <stable@vger.kernel.org> # 4.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kvm/mmu.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index f551962..763bb3b 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
 	else
 		pte_access &= ~ACC_WRITE_MASK;
 
+	if (!kvm_is_mmio_pfn(pfn))
+		spte |= shadow_me_mask;
+
 	spte |= (u64)pfn << PAGE_SHIFT;
-	spte |= shadow_me_mask;
 
 	if (pte_access & ACC_WRITE_MASK) {
 

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] KVM: x86: Fix device passthrough when SME is active
  2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
@ 2018-03-16  4:03 ` Tom Lendacky
  2018-03-16 12:29 ` Paolo Bonzini
  1 sibling, 0 replies; 3+ messages in thread
From: Tom Lendacky @ 2018-03-16  4:03 UTC (permalink / raw)
  To: x86, linux-kernel, kvm
  Cc: Brijesh Singh, Radim Krčmář,
	Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
	Paolo Bonzini, Thomas Gleixner

On 3/8/2018 5:17 PM, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted.  Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
> 
> Cc: <stable@vger.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

Any concerns with this fix?

Thanks,
Tom

> ---
>  arch/x86/kvm/mmu.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
>  	else
>  		pte_access &= ~ACC_WRITE_MASK;
>  
> +	if (!kvm_is_mmio_pfn(pfn))
> +		spte |= shadow_me_mask;
> +
>  	spte |= (u64)pfn << PAGE_SHIFT;
> -	spte |= shadow_me_mask;
>  
>  	if (pte_access & ACC_WRITE_MASK) {
>  
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] KVM: x86: Fix device passthrough when SME is active
  2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
  2018-03-16  4:03 ` Tom Lendacky
@ 2018-03-16 12:29 ` Paolo Bonzini
  1 sibling, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2018-03-16 12:29 UTC (permalink / raw)
  To: Tom Lendacky, x86, linux-kernel, kvm
  Cc: Brijesh Singh, Radim Krčmář,
	Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
	Thomas Gleixner

On 09/03/2018 00:17, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted.  Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
> 
> Cc: <stable@vger.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  arch/x86/kvm/mmu.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
>  	else
>  		pte_access &= ~ACC_WRITE_MASK;
>  
> +	if (!kvm_is_mmio_pfn(pfn))
> +		spte |= shadow_me_mask;
> +
>  	spte |= (u64)pfn << PAGE_SHIFT;
> -	spte |= shadow_me_mask;
>  
>  	if (pte_access & ACC_WRITE_MASK) {
>  
> 

No, I'm applying it.

Paolo

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-16 12:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
2018-03-16  4:03 ` Tom Lendacky
2018-03-16 12:29 ` Paolo Bonzini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).