Re: [PATCH] KVM: x86: Fix device passthrough when SME is active

From: Tom Lendacky
Date: Fri Mar 16 2018 - 00:03:24 EST


On 3/8/2018 5:17 PM, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted. Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
>
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

Any concerns with this fix?

Thanks,
Tom

> ---
> arch/x86/kvm/mmu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
> spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>
> if (pte_access & ACC_WRITE_MASK) {
>
>