+++ /dev/null
-From stable+bounces-180849-greg=kroah.com@vger.kernel.org Mon Sep 22 01:18:07 2025
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 21 Sep 2025 19:17:59 -0400
-Subject: x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT
-To: stable@vger.kernel.org
-Cc: Tom Lendacky <thomas.lendacky@amd.com>, "Borislav Petkov (AMD)" <bp@alien8.de>, stable@kernel.org, Sasha Levin <sashal@kernel.org>
-Message-ID: <20250921231759.3033314-1-sashal@kernel.org>
-
-From: Tom Lendacky <thomas.lendacky@amd.com>
-
-[ Upstream commit 7f830e126dc357fc086905ce9730140fd4528d66 ]
-
-The sev_evict_cache() is guest-related code and should be guarded by
-CONFIG_AMD_MEM_ENCRYPT, not CONFIG_KVM_AMD_SEV.
-
-CONFIG_AMD_MEM_ENCRYPT=y is required for a guest to run properly as an SEV-SNP
-guest, but a guest kernel built with CONFIG_KVM_AMD_SEV=n would get the stub
-function of sev_evict_cache() instead of the version that performs the actual
-eviction. Move the function declarations under the appropriate #ifdef.
-
-Fixes: 7b306dfa326f ("x86/sev: Evict cache lines during SNP memory validation")
-Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
-Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
-Cc: stable@kernel.org # 6.16.x
-Link: https://lore.kernel.org/r/70e38f2c4a549063de54052c9f64929705313526.1757708959.git.thomas.lendacky@amd.com
-[ Move sev_evict_cache() out of shared.c ]
-Signed-off-by: Sasha Levin <sashal@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/coco/sev/shared.c | 18 ------------------
- arch/x86/include/asm/sev.h | 19 +++++++++++++++++++
- 2 files changed, 19 insertions(+), 18 deletions(-)
-
---- a/arch/x86/coco/sev/shared.c
-+++ b/arch/x86/coco/sev/shared.c
-@@ -1243,24 +1243,6 @@ static void svsm_pval_terminate(struct s
- __pval_terminate(pfn, action, page_size, ret, svsm_ret);
- }
-
--static inline void sev_evict_cache(void *va, int npages)
--{
-- volatile u8 val __always_unused;
-- u8 *bytes = va;
-- int page_idx;
--
-- /*
-- * For SEV guests, a read from the first/last cache-lines of a 4K page
-- * using the guest key is sufficient to cause a flush of all cache-lines
-- * associated with that 4K page without incurring all the overhead of a
-- * full CLFLUSH sequence.
-- */
-- for (page_idx = 0; page_idx < npages; page_idx++) {
-- val = bytes[page_idx * PAGE_SIZE];
-- val = bytes[page_idx * PAGE_SIZE + PAGE_SIZE - 1];
-- }
--}
--
- static void svsm_pval_4k_page(unsigned long paddr, bool validate)
- {
- struct svsm_pvalidate_call *pc;
---- a/arch/x86/include/asm/sev.h
-+++ b/arch/x86/include/asm/sev.h
-@@ -400,6 +400,24 @@ u64 sev_get_status(void);
- void sev_show_status(void);
- void snp_update_svsm_ca(void);
-
-+static inline void sev_evict_cache(void *va, int npages)
-+{
-+ volatile u8 val __always_unused;
-+ u8 *bytes = va;
-+ int page_idx;
-+
-+ /*
-+ * For SEV guests, a read from the first/last cache-lines of a 4K page
-+ * using the guest key is sufficient to cause a flush of all cache-lines
-+ * associated with that 4K page without incurring all the overhead of a
-+ * full CLFLUSH sequence.
-+ */
-+ for (page_idx = 0; page_idx < npages; page_idx++) {
-+ val = bytes[page_idx * PAGE_SIZE];
-+ val = bytes[page_idx * PAGE_SIZE + PAGE_SIZE - 1];
-+ }
-+}
-+
- #else /* !CONFIG_AMD_MEM_ENCRYPT */
-
- #define snp_vmpl 0
-@@ -435,6 +453,7 @@ static inline u64 snp_get_unsupported_fe
- static inline u64 sev_get_status(void) { return 0; }
- static inline void sev_show_status(void) { }
- static inline void snp_update_svsm_ca(void) { }
-+static inline void sev_evict_cache(void *va, int npages) {}
-
- #endif /* CONFIG_AMD_MEM_ENCRYPT */
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
