On Thu, May 25, 2023 at 04:40:00PM -0700, Sathyanarayanan Kuppuswamy wrote:
> Hi,
>
> On 5/25/23 3:58 PM, Kirill A. Shutemov wrote:
> > Touching a privately mapped GPA that is not properly converted to private with MapGPA and accepted leads to an unrecoverable exit to the VMM.
> >
> > load_unaligned_zeropad() can touch memory that is not owned by the caller, but just happens to be next after the owned memory. This load_unaligned_zeropad() behaviour makes it important when the kernel asks the VMM to convert a GPA from shared to private or back. The kernel must never have a page mapped into the direct mapping (and aliases) as private when the GPA is already converted to shared or when the GPA is not yet converted to private.
> >
> > guest.enc_status_change_prepare() is called before adjusting the direct mapping and is therefore responsible for converting the memory to private.
> >
> > guest.enc_tlb_flush_required() is called after adjusting the direct mapping and converts the memory to shared.
>
> Do you mean .enc_status_change_finish() here? Isn't enc_tlb_flush_required() called before adjusting the mapping?

Yes, I copy-pasted the wrong callback :/
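The ordering rule discussed above (convert to private before the direct mapping flips to private; flip the mapping to shared before converting the GPA to shared) can be checked with a small state-machine model. The following is an added example, not code from the patch or the kernel: the page states, step functions and the `safe_to_touch()` invariant are a constructed simplification of the MapGPA/accept/direct-mapping states named in the thread, and the four sequences show which orderings leave a window where a stray over-read into the neighbouring page would hit a privately mapped but not-yet-private (or already-shared) GPA.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of one guest page (not kernel code). The VMM-side
 * state is what MapGPA/accept have established; the kernel-side state
 * is how the direct mapping (and its aliases) currently map the page.
 */
enum gpa_state { GPA_SHARED, GPA_PRIVATE_UNACCEPTED, GPA_PRIVATE_ACCEPTED };
enum map_state { MAP_SHARED, MAP_PRIVATE };

struct page_model {
    enum gpa_state gpa;
    enum map_state map;
};

/*
 * The rule from the thread: a page may be mapped private only if its GPA
 * has already been converted to private and accepted. Any other
 * combination means a load_unaligned_zeropad()-style over-read from the
 * previous page would land on it and cause an unrecoverable exit.
 */
static bool safe_to_touch(const struct page_model *p)
{
    return p->map != MAP_PRIVATE || p->gpa == GPA_PRIVATE_ACCEPTED;
}

typedef void (*step_fn)(struct page_model *);

/* Individual steps a conversion is made of (hypothetical names). */
static void step_mapgpa_private(struct page_model *p) { p->gpa = GPA_PRIVATE_UNACCEPTED; }
static void step_accept(struct page_model *p)         { p->gpa = GPA_PRIVATE_ACCEPTED; }
static void step_mapgpa_shared(struct page_model *p)  { p->gpa = GPA_SHARED; }
static void step_map_private(struct page_model *p)    { p->map = MAP_PRIVATE; }
static void step_map_shared(struct page_model *p)     { p->map = MAP_SHARED; }

/*
 * Apply the steps in order and check the invariant after each one, since an
 * over-read from a neighbour can happen at any instant. Returns true only
 * if the page was safe to touch at every point of the sequence.
 */
static bool run_sequence(struct page_model *p, const step_fn *steps, int n)
{
    for (int i = 0; i < n; i++) {
        steps[i](p);
        if (!safe_to_touch(p))
            return false;
    }
    return true;
}

/* shared -> private, prepare-style: convert and accept before the mapping flips. */
bool to_private_convert_first(void)
{
    struct page_model p = { GPA_SHARED, MAP_SHARED };
    const step_fn steps[] = { step_mapgpa_private, step_accept, step_map_private };
    return run_sequence(&p, steps, 3);
}

/* shared -> private, wrong order: the direct mapping flips first. */
bool to_private_map_first(void)
{
    struct page_model p = { GPA_SHARED, MAP_SHARED };
    const step_fn steps[] = { step_map_private, step_mapgpa_private, step_accept };
    return run_sequence(&p, steps, 3);
}

/* private -> shared, finish-style: the mapping goes shared before MapGPA. */
bool to_shared_map_first(void)
{
    struct page_model p = { GPA_PRIVATE_ACCEPTED, MAP_PRIVATE };
    const step_fn steps[] = { step_map_shared, step_mapgpa_shared };
    return run_sequence(&p, steps, 2);
}

/* private -> shared, wrong order: MapGPA runs while the page is still mapped private. */
bool to_shared_convert_first(void)
{
    struct page_model p = { GPA_PRIVATE_ACCEPTED, MAP_PRIVATE };
    const step_fn steps[] = { step_mapgpa_shared, step_map_shared };
    return run_sequence(&p, steps, 2);
}

int main(void)
{
    printf("to private, convert first: %s\n", to_private_convert_first() ? "safe" : "UNSAFE window");
    printf("to private, map first:     %s\n", to_private_map_first()     ? "safe" : "UNSAFE window");
    printf("to shared, map first:      %s\n", to_shared_map_first()      ? "safe" : "UNSAFE window");
    printf("to shared, convert first:  %s\n", to_shared_convert_first()  ? "safe" : "UNSAFE window");
    return 0;
}
```

The two "wrong order" sequences are exactly the windows the patch description warns about: in each, the invariant is violated between the first and second step, which is where a neighbouring over-read would be fatal. That is why the to-private work belongs in the callback that runs before the mapping is adjusted and the to-shared work in the one that runs after it.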