0c29397ac1
Disable SEV-ES if MMIO caching is disabled as SEV-ES relies on MMIO SPTEs
generating #NPF(RSVD), which are reflected by the CPU into the guest as
a #VC. With SEV-ES, the untrusted host, a.k.a. KVM, doesn't have access
to the guest instruction stream or register state and so can't directly
emulate in response to a #NPF on an emulated MMIO GPA. Disabling MMIO
caching means guest accesses to emulated MMIO ranges cause #NPF(!PRESENT),
and those flavors of #NPF cause automatic VM-Exits, not #VC.
Adjust KVM's MMIO masks to account for the C-bit location prior to doing
SEV(-ES) setup, and document that dependency between adjusting the MMIO
SPTE mask and SEV(-ES) setup.
Fixes:
|
||
|---|---|---|
| .. | ||
| avic.c | ||
| hyperv.h | ||
| nested.c | ||
| pmu.c | ||
| sev.c | ||
| svm.c | ||
| svm.h | ||
| svm_onhyperv.c | ||
| svm_onhyperv.h | ||
| svm_ops.h | ||
| vmenter.S | ||