[SRU][Q:linux-aws][PATCH 1/1] virt: vmgenid: remap memory as decrypted
Magali Lemes
magali.lemes at canonical.com
Thu Jan 8 14:04:55 UTC 2026
From: Vitaly Kuznetsov <vkuznets at redhat.com>
BugLink: https://bugs.launchpad.net/bugs/2137714
It was found that AWS SEV-SNP enabled instances are not able to boot with
commit 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as
encrypted by default") applied and the reason seems to be the vmgenid
device which requires unencrypted writeable memory.
A similar problem was previously fixed in DRM with commit
7dfede7d7edd ("drm/vmwgfx: Fix guests running with TDX/SEV").
Note, trusting vmgenid device in a Confidential VM is questionable: the
malicious host may intentionally avoid notifying the guest when a copy is
created.
Fixes: 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default")
Signed-off-by: Vitaly Kuznetsov <vkuznets at redhat.com>
Cc: stable at vger.kernel.org # 6.15+
Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
(cherry picked from commit bb9ff576fdff48c242876f55098a3ee20a29df5d linux-next)
Signed-off-by: Magali Lemes <magali.lemes at canonical.com>
---
drivers/virt/vmgenid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/virt/vmgenid.c b/drivers/virt/vmgenid.c
index 66135eac3abff..2cf0096aa217f 100644
--- a/drivers/virt/vmgenid.c
+++ b/drivers/virt/vmgenid.c
@@ -75,7 +75,8 @@ static int vmgenid_add_acpi(struct device *dev, struct vmgenid_state *state)
phys_addr = (obj->package.elements[0].integer.value << 0) |
(obj->package.elements[1].integer.value << 32);
- virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB);
+ virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE,
+ MEMREMAP_WB | MEMREMAP_DEC);
if (IS_ERR(virt_addr)) {
ret = PTR_ERR(virt_addr);
goto out;
--
2.34.1
More information about the kernel-team
mailing list