    KVM: x86: only do L1TF workaround on affected processors · d43e2675
    Paolo Bonzini authored
    KVM stores the gfn in MMIO SPTEs as a caching optimization.  These are split
    in two parts, as in "[high 11111 low]", to thwart any attempt to use these bits
    in an L1TF attack.  This works as long as there are 5 free bits between
    MAXPHYADDR and bit 50 (inclusive), leaving bit 51 free so that the MMIO
    access triggers a reserved-bit-set page fault.
    
    The bit positions however were computed wrongly for AMD processors that have
    encryption support.  In this case, x86_phys_bits is reduced (for example
    from 48 to 43, to account for the C bit at position 47 and four bits used
    internally to store the SEV ASID and other stuff) while x86_cache_bits
    would remain set to 48, and _all_ bits between the reduced MAXPHYADDR
    and bit 51 are set.  Then low_phys_bits would also cover some of the
    bits that are set in the shadow_mmio_value, terribly confusing the gfn
    caching mechanism.
    
    To fix this, avoid splitting gfns as long as the processor does not have
    the L1TF bug (which includes all AMD processors).  When there is no
    splitting, low_phys_bits can be set to the reduced MAXPHYADDR removing
    the overlap.  This fixes "npt=0" operation on EPYC processors.
    
    Thanks to Maxim Levitsky for bisecting this bug.
    
    Cc: stable@vger.kernel.org
    Fixes: 52918ed5 ("KVM: SVM: Override default MMIO mask if memory encryption is enabled")
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>