diff options
| author | Vitaly Kuznetsov <vkuznets@redhat.com> | 2025-12-22 15:46:46 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2025-12-22 16:18:54 +0100 |
| commit | bb9ff576fdff48c242876f55098a3ee20a29df5d (patch) | |
| tree | 65a9ef062fdcab046fa9d4624fcafdbdbe42f150 /scripts/Makefile.thinlto | |
| parent | 3f9f0252130e7dd60d41be0802bf58f6471c691d (diff) | |
| download | linux-next-bb9ff576fdff48c242876f55098a3ee20a29df5d.tar.gz linux-next-bb9ff576fdff48c242876f55098a3ee20a29df5d.zip | |
virt: vmgenid: remap memory as decrypted
It was found that AWS SEV-SNP enabled instances are not able to boot with
commit 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as
encrypted by default") applied and the reason seems to be the vmgenid
device which requires unencrypted writeable memory.
A similar problem was previously fixed in DRM with commit
7dfede7d7edd ("drm/vmwgfx: Fix guests running with TDX/SEV").
Note, trusting vmgenid device in a Confidential VM is questionable: the
malicious host may intentionally avoid notifying the guest when a copy is
created.
Fixes: 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: stable@vger.kernel.org # 6.15+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'scripts/Makefile.thinlto')
0 files changed, 0 insertions, 0 deletions
