On Fri, Mar 05, 2021, Paolo Bonzini wrote: > On 05/03/21 02:10, Sean Christopherson wrote: > > @@ -5301,6 +5307,22 @@ static int __kvm_mmu_create(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu) > > for (i = 0; i < 4; ++i) > > mmu->pae_root[i] = 0; > > I think this should be deleted, since you have another identical for loop > below? Yes, rebase gone awry. And the zeroing needs to be done after decryption. Good eyes! > Paolo > > > + /* > > + * CR3 is only 32 bits when PAE paging is used, thus it's impossible to > > + * get the CPU to treat the PDPTEs as encrypted. Decrypt the page so > > + * that KVM's writes and the CPU's reads get along. Note, this is > > + * only necessary when using shadow paging, as 64-bit NPT can get at > > + * the C-bit even when shadowing 32-bit NPT, and SME isn't supported > > + * by 32-bit kernels (when KVM itself uses 32-bit NPT). > > + */ > > + if (!tdp_enabled) > > + set_memory_decrypted((unsigned long)mmu->pae_root, 1); > > + else > > + WARN_ON_ONCE(shadow_me_mask); > > + > > + for (i = 0; i < 4; ++i) > > + mmu->pae_root[i] = 0; > > + >
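Review bot: The return value of set_memory_decrypted() is discarded in the `if (!tdp_enabled)` branch, even though __kvm_mmu_create() returns int and could propagate a failure. If the attribute change fails, KVM would go on writing PDPTEs through a mapping that is still encrypted while the CPU reads them as plain text, which is the mismatch the new comment says the call is there to prevent. Consider checking the result and returning the error to the caller. As already noted in the thread, the first `for (i = 0; i < 4; ++i)` loop in the context lines should be dropped so that pae_root is zeroed only after the page has been decrypted. The quoted hunk also shows no matching set_memory_encrypted() call; it is worth confirming that the page is re-encrypted on the path that frees pae_root before it goes back to the allocator.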