    KVM: x86: Implement hook for determining max NPT mapping level · b2104024
    Michael Roth authored
    In the case of SEV-SNP, whether or not a 2MB page can be mapped via a
    2MB mapping in the guest's nested page table depends on whether or not
    any subpages within the range have already been initialized as private
    in the RMP table. The existing mixed-attribute tracking in KVM is
    insufficient here, for instance:
    
      - gmem allocates 2MB page
      - guest issues PVALIDATE on 2MB page
      - guest later converts a subpage to shared
      - SNP host code issues PSMASH to split 2MB RMP mapping to 4K
      - KVM MMU splits NPT mapping to 4K
      - guest later converts that shared page back to private
    
    At this point there are no mixed attributes, and KVM would normally
    allow for 2MB NPT mappings again, but this is actually not allowed
    because the RMP table mappings are 4K and cannot be promoted on the
    hypervisor side, so the NPT mappings must still be limited to 4K to
    match this.
    
    Implement a kvm_x86_ops.private_max_mapping_level() hook for SEV that
    checks for this condition and adjusts the mapping level accordingly.

    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Michael Roth <michael.roth@amd.com>
    Message-ID: <20240501085210.2213060-16-michael.roth@amd.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
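
The sequence from the commit message as a small user-space C model, added here as an illustration; it is not part of the commit or of the kernel's sev.c. `struct region` and all function names are hypothetical simplifications of the RMP table and of KVM's per-page attribute tracking.

```c
#include <stdbool.h>

/* Toy model, constructed for illustration: one 2MB region of 512 4K pages. */
enum level { LEVEL_4K = 1, LEVEL_2M = 2 };
#define SUBPAGES 512

struct region {
    bool attr_private[SUBPAGES]; /* KVM-side memory attribute per 4K page */
    bool rmp_assigned[SUBPAGES]; /* RMP: page is assigned to the guest */
    enum level rmp_level;        /* size of the RMP entries covering the region */
};

/* Guest issues PVALIDATE on the whole range as one private 2MB page. */
static void validate_2m(struct region *r) {
    for (int i = 0; i < SUBPAGES; i++)
        r->attr_private[i] = r->rmp_assigned[i] = true;
    r->rmp_level = LEVEL_2M;
}

/* Private -> shared for one subpage: the host PSMASHes the 2MB RMP entry. */
static void convert_shared(struct region *r, int i) {
    r->rmp_level = LEVEL_4K;
    r->attr_private[i] = r->rmp_assigned[i] = false;
}

/* Shared -> private: only that 4K entry changes; the RMP is not re-merged. */
static void convert_private(struct region *r, int i) {
    r->attr_private[i] = r->rmp_assigned[i] = true;
}

/* Level that mixed-attribute tracking alone would allow. */
static enum level attr_max_level(const struct region *r) {
    for (int i = 1; i < SUBPAGES; i++)
        if (r->attr_private[i] != r->attr_private[0])
            return LEVEL_4K;
    return LEVEL_2M;
}

/* Hypothetical stand-in for the hook: additionally cap by the RMP state. */
static enum level private_max_level(const struct region *r, int i) {
    enum level rmp = r->rmp_assigned[i] ? r->rmp_level : LEVEL_4K;
    enum level attr = attr_max_level(r);
    return rmp < attr ? rmp : attr;
}

int main(void) {
    struct region r = {0};
    validate_2m(&r); convert_shared(&r, 7); convert_private(&r, 7);
    return !(attr_max_level(&r) == LEVEL_2M && private_max_level(&r, 7) == LEVEL_4K);
}
```

After the round trip the attributes are uniform again, so the attribute check alone reports 2MB while the RMP-aware check stays at 4K.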
sev.c 125 KB