* [PATCH] KVM: x86: Fix device passthrough when SME is active
@ 2018-03-08 23:17 Tom Lendacky
2018-03-16 4:03 ` Tom Lendacky
2018-03-16 12:29 ` Paolo Bonzini
0 siblings, 2 replies; 3+ messages in thread
From: Tom Lendacky @ 2018-03-08 23:17 UTC (permalink / raw)
To: x86, linux-kernel, kvm
Cc: Brijesh Singh, Radim Krčmář,
Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
Paolo Bonzini, Thomas Gleixner
When using device passthrough with SME active, the MMIO range that is
mapped for the device should not be mapped encrypted. Add a check in
set_spte() to insure that a page is not mapped encrypted if that page
is a device MMIO page as indicated by kvm_is_mmio_pfn().
Cc: <stable@vger.kernel.org> # 4.14.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kvm/mmu.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index f551962..763bb3b 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
else
pte_access &= ~ACC_WRITE_MASK;
+ if (!kvm_is_mmio_pfn(pfn))
+ spte |= shadow_me_mask;
+
spte |= (u64)pfn << PAGE_SHIFT;
- spte |= shadow_me_mask;
if (pte_access & ACC_WRITE_MASK) {
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] KVM: x86: Fix device passthrough when SME is active
2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
@ 2018-03-16 4:03 ` Tom Lendacky
2018-03-16 12:29 ` Paolo Bonzini
1 sibling, 0 replies; 3+ messages in thread
From: Tom Lendacky @ 2018-03-16 4:03 UTC (permalink / raw)
To: x86, linux-kernel, kvm
Cc: Brijesh Singh, Radim Krčmář,
Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
Paolo Bonzini, Thomas Gleixner
On 3/8/2018 5:17 PM, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted. Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
>
> Cc: <stable@vger.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Any concerns with this fix?
Thanks,
Tom
> ---
> arch/x86/kvm/mmu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
> spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>
> if (pte_access & ACC_WRITE_MASK) {
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] KVM: x86: Fix device passthrough when SME is active
2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
2018-03-16 4:03 ` Tom Lendacky
@ 2018-03-16 12:29 ` Paolo Bonzini
1 sibling, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2018-03-16 12:29 UTC (permalink / raw)
To: Tom Lendacky, x86, linux-kernel, kvm
Cc: Brijesh Singh, Radim Krčmář,
Joerg Roedel, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
Thomas Gleixner
On 09/03/2018 00:17, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted. Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
>
> Cc: <stable@vger.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/kvm/mmu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
> spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>
> if (pte_access & ACC_WRITE_MASK) {
>
>
No, I'm applying it.
Paolo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-16 12:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-08 23:17 [PATCH] KVM: x86: Fix device passthrough when SME is active Tom Lendacky
2018-03-16 4:03 ` Tom Lendacky
2018-03-16 12:29 ` Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).