-
- Downloads
KVM: x86: disallow pre-fault for SNP VMs before initialization
KVM_PRE_FAULT_MEMORY for an SNP guest can race with sev_gmem_post_populate() in bad ways. The following sequence for instance can potentially trigger an RMP fault: thread A, sev_gmem_post_populate: called thread B, sev_gmem_prepare: places below 'pfn' in a private state in RMP thread A, sev_gmem_post_populate: *vaddr = kmap_local_pfn(pfn + i); thread A, sev_gmem_post_populate: copy_from_user(vaddr, src + i * PAGE_SIZE, PAGE_SIZE); RMP #PF Fix this by only allowing KVM_PRE_FAULT_MEMORY to run after a guest's initial private memory contents have been finalized via KVM_SEV_SNP_LAUNCH_FINISH. Beyond fixing this issue, it just sort of makes sense to enforce this, since the KVM_PRE_FAULT_MEMORY documentation states: "KVM maps memory as if the vCPU generated a stage-2 read page fault" which sort of implies we should be acting on the same guest state that a vCPU would see post-launch after the initial guest memory is all set up. Co-developed-by:Michael Roth <michael.roth@amd.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
Showing
- Documentation/virt/kvm/api.rst 6 additions, 0 deletionsDocumentation/virt/kvm/api.rst
- arch/x86/include/asm/kvm_host.h 1 addition, 0 deletionsarch/x86/include/asm/kvm_host.h
- arch/x86/kvm/mmu/mmu.c 3 additions, 0 deletionsarch/x86/kvm/mmu/mmu.c
- arch/x86/kvm/svm/sev.c 8 additions, 0 deletionsarch/x86/kvm/svm/sev.c
- arch/x86/kvm/svm/svm.c 1 addition, 0 deletionsarch/x86/kvm/svm/svm.c
- arch/x86/kvm/x86.c 3 additions, 0 deletionsarch/x86/kvm/x86.c
Loading
Please register or sign in to comment