    KVM: SVM: Issue WBINVD after deactivating an SEV guest · 2e2409af
    Tom Lendacky authored
    Currently, CLFLUSH is used to flush SEV guest memory before the guest is
    terminated (or a memory hotplug region is removed). However, CLFLUSH is
    not enough to ensure that SEV guest tagged data is flushed from the cache.
    
    With 33af3a7e ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations"), the
    original WBINVD was removed. This then exposed crashes at random times
    because of a cache flush race with a page that had both a hypervisor and
    a guest tag in the cache.
    
    Restore the WBINVD when destroying an SEV guest and add a WBINVD to the
    svm_unregister_enc_region() function to ensure hotplug memory is flushed
    when removed. The DF_FLUSH can still be avoided at this point.
    
    Fixes: 33af3a7e ("KVM: SVM: Reduce WBINVD/DF_FLUSH invocations")
    Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
    Message-Id: <c8bf9087ca3711c5770bdeaafa3e45b717dc5ef4.1584720426.git.thomas.lendacky@amd.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
svm.c 193 KB