• Sean Christopherson's avatar
    KVM: SVM: Disable SEV-ES support if MMIO caching is disable · 0c29397a
    Sean Christopherson authored
    Disable SEV-ES if MMIO caching is disabled as SEV-ES relies on MMIO SPTEs
    generating #NPF(RSVD), which are reflected by the CPU into the guest as
    a #VC.  With SEV-ES, the untrusted host, a.k.a. KVM, doesn't have access
    to the guest instruction stream or register state and so can't directly
    emulate in response to a #NPF on an emulated MMIO GPA.  Disabling MMIO
    caching means guest accesses to emulated MMIO ranges cause #NPF(!PRESENT),
    and those flavors of #NPF cause automatic VM-Exits, not #VC.
    
    Adjust KVM's MMIO masks to account for the C-bit location prior to doing
    SEV(-ES) setup, and document that dependency between adjusting the MMIO
    SPTE mask and SEV(-ES) setup.
    
    Fixes: b09763da ("KVM: x86/mmu: Add module param to disable MMIO caching (for testing)")
    Reported-by: default avatarMichael Roth <michael.roth@amd.com>
    Tested-by: default avatarMichael Roth <michael.roth@amd.com>
    Cc: Tom Lendacky <thomas.lendacky@amd.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
    Message-Id: <20220803224957.1285926-4-seanjc@google.com>
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    0c29397a
spte.c 14.7 KB