KVM: x86: Fix device passthrough when SME is active

commit daaf216c06fba4ee4dc3f62715667da929d68774 upstream. When using device passthrough with SME active, the MMIO range that is mapped for the device should not be mapped encrypted. Add a check in set_spte() to insure that a page is not mapped encrypted if that page is a device MMIO page as indicated by kvm_is_mmio_pfn(). Cc: <stable@vger.kernel.org> # 4.14.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Tom Lendacky <thomas.lendacky@amd.com> 2018-03-08 17:17:31 -0600
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-03-21 12:05:43 +0100
commit: 4abf8650d69379773ba9d03cc263507a1461b985 (patch)
tree: 6fa06dacd96dbeb4a5a985c294d569651906a389 /arch/x86/kvm
parent: da0812b4989581b7bcbbbeb7011400c62df7922a (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index fe2cb4cfa75b..37277859a2a1 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2758,8 +2758,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
 	else
 		pte_access &= ~ACC_WRITE_MASK;
 
+	if (!kvm_is_mmio_pfn(pfn))
+		spte |= shadow_me_mask;
+
 	spte |= (u64)pfn << PAGE_SHIFT;
-	spte |= shadow_me_mask;
 
 	if (pte_access & ACC_WRITE_MASK) {
author	Tom Lendacky <thomas.lendacky@amd.com>	2018-03-08 17:17:31 -0600
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-03-21 12:05:43 +0100
commit	4abf8650d69379773ba9d03cc263507a1461b985 (patch)
tree	6fa06dacd96dbeb4a5a985c294d569651906a389 /arch/x86/kvm
parent	da0812b4989581b7bcbbbeb7011400c62df7922a (diff)