diff options
| author | Sean Christopherson <seanjc@google.com> | 2021-03-09 14:42:07 -0800 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2021-03-15 04:44:08 -0400 |
| commit | 4a98623d5d90175c0f99d185171e60807391e487 (patch) | |
| tree | 513f6bd869a41a061c258a376f4424d3b52c4897 /arch/x86/kvm/svm/svm.c | |
| parent | c834e5e44fc15acd4e8a894d462535021c80533e (diff) | |
| download | lwn-4a98623d5d90175c0f99d185171e60807391e487.tar.gz lwn-4a98623d5d90175c0f99d185171e60807391e487.zip | |
KVM: x86/mmu: Mark the PAE roots as decrypted for shadow paging
Set the PAE roots used as decrypted to play nice with SME when KVM is
using shadow paging. Explicitly skip setting the C-bit when loading
CR3 for PAE shadow paging, even though it's completely ignored by the
CPU. The extra documentation is nice to have.
Note, there are several subtleties at play with NPT. In addition to
legacy shadow paging, the PAE roots are used for SVM's NPT when either
KVM is 32-bit (uses PAE paging) or KVM is 64-bit and shadowing 32-bit
NPT. However, 32-bit Linux, and thus KVM, doesn't support SME. And
64-bit KVM can happily set the C-bit in CR3. This also means that
keeping __sme_set(root) for 32-bit KVM when NPT is enabled is
conceptually wrong, but functionally ok since SME is 64-bit only.
Leave it as is to avoid unnecessary pollution.
Fixes: d0ec49d4de90 ("kvm/x86/svm: Support Secure Memory Encryption within KVM")
Cc: stable@vger.kernel.org
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210309224207.1218275-5-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch/x86/kvm/svm/svm.c')
| -rw-r--r-- | arch/x86/kvm/svm/svm.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 58f4dc0e7864..271196400495 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3907,9 +3907,8 @@ static void svm_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, struct vcpu_svm *svm = to_svm(vcpu); unsigned long cr3; - root_hpa = __sme_set(root_hpa); if (npt_enabled) { - svm->vmcb->control.nested_cr3 = root_hpa; + svm->vmcb->control.nested_cr3 = __sme_set(root_hpa); vmcb_mark_dirty(svm->vmcb, VMCB_NPT); /* Loading L2's CR3 is handled by enter_svm_guest_mode. */ @@ -3917,7 +3916,7 @@ static void svm_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, return; cr3 = vcpu->arch.cr3; } else if (vcpu->arch.mmu->shadow_root_level >= PT64_ROOT_4LEVEL) { - cr3 = root_hpa | kvm_get_active_pcid(vcpu); + cr3 = __sme_set(root_hpa) | kvm_get_active_pcid(vcpu); } else { /* PCID in the guest should be impossible with a 32-bit MMU. */ WARN_ON_ONCE(kvm_get_active_pcid(vcpu)); |