On 09/03/2018 00:17, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted. Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
>
> Cc: <sta...@vger.kernel.org> # 4.14.x-
> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
> ---
> arch/x86/kvm/mmu.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
> else
> pte_access &= ~ACC_WRITE_MASK;
>
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
> spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>
> if (pte_access & ACC_WRITE_MASK) {
>
>
No, I'm applying it.
Paolo
