[RFC,v7,56/64] KVM: x86/mmu: Generate KVM_EXIT_MEMORY_FAULT for implicit conversions for SNP

Commit Message

Michael Roth Dec. 14, 2022, 7:40 p.m. UTC

SEV-SNP will set PFERR_GUEST_ENC_MASK for NPT faults for
encrypted/private memory. Generally such accesses will be preceded at
some point by a GHCB request to the hypervisor to put the page in the
expected private/shared state, so the KVM MMU wouldn't normally need to
generate KVM_EXIT_MEMORY_FAULTs to handle the updates at access time.

However, implicit conversions are also supported for SNP guests, and in
those cases an KVM_EXIT_MEMORY_FAULT will be needed to put the page in
the expected private/shared state.

Check for this PFERR_GUEST_ENC_MASK bit when determining whether a #NPF
should be handled with restrictedmem pages or not.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 arch/x86/kvm/svm/sev.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Patch

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 885a3f1da910..0dd3d9debe48 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -4446,7 +4446,10 @@  int sev_fault_is_private(struct kvm *kvm, gpa_t gpa, u64 error_code, bool *priva
 	 * source is the only indicator of whether the fault should be treated
 	 * as private or not.
 	 */
-	*private_fault = kvm_mem_is_private(kvm, gfn);
+	if (sev_snp_guest(kvm))
+		*private_fault = (error_code & PFERR_GUEST_ENC_MASK) ? true : false;
+	else
+		*private_fault = kvm_mem_is_private(kvm, gfn);
 
 	return 1;