| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8937db5e-4c8e-57cf-4059-d9e10ea1a393@amd.com>
Date: Thu, 15 Mar 2018 23:03:09 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: Brijesh Singh <brijesh.singh@....com>,
Radim Krčmář <rkrcmar@...hat.com>,
Joerg Roedel <joro@...tes.org>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [PATCH] KVM: x86: Fix device passthrough when SME is active
On 3/8/2018 5:17 PM, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted. Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
>
> Cc: <stable@...r.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Any concerns with this fix?
Thanks,
Tom
> ---
> arch/x86/kvm/mmu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
> spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>
> if (pte_access & ACC_WRITE_MASK) {
>
>
Powered by blists - more mailing lists