Re: [PATCH v3 5/5] x86/sev-es: Do not support MMIO to/from encrypted memory

2020-10-27 Thread Borislav Petkov
On Wed, Oct 21, 2020 at 02:39:38PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> MMIO memory is usually not mapped encrypted, so there is no reason to
> support emulated MMIO when it is mapped encrypted.
>
> This prevents a possible hypervisor attack where it maps a RAM page as

[PATCH v3 5/5] x86/sev-es: Do not support MMIO to/from encrypted memory

2020-10-21 Thread Joerg Roedel
From: Joerg Roedel

MMIO memory is usually not mapped encrypted, so there is no reason to support emulated MMIO when it is mapped encrypted.

This prevents a possible hypervisor attack where it maps a RAM page as an MMIO page in the nested page-table, so that any guest access to it will trigger a