github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 05:55:44 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
fc9bf2e087
linux/arch/x86
History
Sean Christopherson fc9bf2e087 KVM: x86/mmu: Do not apply HPA (memory encryption) mask to GPAs 
Ignore "dynamic" host adjustments to the physical address mask when
generating the masks for guest PTEs, i.e. the guest PA masks.  The host
physical address space and guest physical address space are two different
beasts, e.g. even though SEV's C-bit is the same bit location for both
host and guest, disabling SME in the host (which clears shadow_me_mask)
does not affect the guest PTE->GPA "translation".

For non-SEV guests, not dropping bits is the correct behavior.  Assuming
KVM and userspace correctly enumerate/configure guest MAXPHYADDR, bits
that are lost as collateral damage from memory encryption are treated as
reserved bits, i.e. KVM will never get to the point where it attempts to
generate a gfn using the affected bits.  And if userspace wants to create
a bogus vCPU, then userspace gets to deal with the fallout of hardware
doing odd things with bad GPAs.

For SEV guests, not dropping the C-bit is technically wrong, but it's a
moot point because KVM can't read SEV guest's page tables in any case
since they're always encrypted.  Not to mention that the current KVM code
is also broken since sme_me_mask does not have to be non-zero for SEV to
be supported by KVM.  The proper fix would be to teach all of KVM to
correctly handle guest private memory, but that's a task for the future.

Fixes: d0ec49d4de ("kvm/x86/svm: Support Secure Memory Encryption within KVM")
Cc: stable@vger.kernel.org
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210623230552.4027702-5-seanjc@google.com>
[Use a new header instead of adding header guards to paging_tmpl.h. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-14 12:17:56 -04:00
..
boot x86/boot/compressed: Enable -Wundef 2021-05-12 21:39:56 +02:00
configs
crypto Objtool updates in this cycle were: 2021-04-28 12:53:24 -07:00
entry quota: Disable quotactl_path syscall 2021-05-17 14:39:56 +02:00
events perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server 2021-06-01 16:00:05 +02:00
hyperv The x86 MM changes in this cycle were: 2021-04-29 11:41:43 -07:00
ia32
include Merge tag 'kvm-s390-master-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD 2021-07-14 12:14:27 -04:00
kernel Merge tag 'kvm-s390-master-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD 2021-07-14 12:14:27 -04:00
kvm KVM: x86/mmu: Do not apply HPA (memory encryption) mask to GPAs 2021-07-14 12:17:56 -04:00
lib - turn the stack canary into a normal __percpu variable on 32-bit which 2021-04-27 17:45:09 -07:00
math-emu x86/fpu/math-emu: Fix function cast warning 2021-03-23 00:08:02 +01:00
mm x86/mm: Avoid truncating memblocks for SGX memory 2021-06-18 19:37:01 +02:00
net Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
pci pci-v5.13-fixes-2 2021-06-18 13:54:11 -07:00
platform x86/setup: Always reserve the first 1M of RAM 2021-06-03 19:57:55 +02:00
power - turn the stack canary into a normal __percpu variable on 32-bit which 2021-04-27 17:45:09 -07:00
purgatory
ras
realmode x86/setup: Always reserve the first 1M of RAM 2021-06-03 19:57:55 +02:00
tools x86/tools/insn_sanity: Convert to insn_decode() 2021-03-15 12:21:11 +01:00
um um: elf.h: Fix W=1 warning for empty body in 'do' statement 2021-04-15 23:10:50 +02:00
video
xen x86/Xen: swap NX determination and GDT setup on BSP 2021-05-21 09:53:52 +02:00
.gitignore
Kbuild
Kconfig x86/Kconfig: introduce ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE 2021-05-05 11:27:27 -07:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug
Makefile x86, lto: Pass -stack-alignment only on LLD < 13.0.0 2021-06-11 10:33:45 -07:00
Makefile_32.cpu
Makefile.um