On 3/21/22 04:33, Joerg Roedel wrote:
From: Joerg Roedel jroedel@suse.de
The io specific memcpy/memset functions use string mmio accesses to do their work. Under SEV the hypervisor can't emulate these instructions, because they read/write directly from/to encrypted memory.
KVM will inject a page fault exception into the guest when it is asked to emulate string mmio instructions for an SEV guest:
BUG: unable to handle page fault for address: ffffc90000065068 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000100000067 P4D 8000100000067 PUD 80001000fb067 PMD 80001000fc067 PTE 80000000fed40173 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc7 #3
As string mmio for an SEV guest can not be supported by the hypervisor, unroll the instructions for CC_ATTR_GUEST_UNROLL_STRING_IO enabled kernels.
This issue appears when kernels are launched in recent libvirt-managed SEV virtual machines, because libvirt started to add a tpm-crb device to the guest by default.
The kernel driver for tpm-crb uses memcpy_to/from_io() functions to access MMIO memory, resulting in a page-fault injected by KVM and crashing the kernel at boot.
Cc: stable@vger.kernel.org #4.15+ Fixes: d8aa7eea78a1 ('x86/mm: Add Secure Encrypted Virtualization (SEV) support') Signed-off-by: Joerg Roedel jroedel@suse.de
Reviewed-by: Tom Lendacky thomas.lendacky@amd.com
Changes: v1->v2:
- Addressed review comments
- Call memset directly and remove the string-wrapper
- Add section about tpm-crb to the commit message
arch/x86/lib/iomem.c | 65 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 57 insertions(+), 8 deletions(-)