Google Git
Sign in
kernel / pub / scm / linux / kernel / git / crng / random / refs/heads/master
commitbb9ff576fdff48c242876f55098a3ee20a29df5d[log] [tgz]
authorVitaly Kuznetsov <vkuznets@redhat.com>Mon Dec 22 15:46:46 2025 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>Mon Dec 22 16:18:54 2025 +0100
tree65a9ef062fdcab046fa9d4624fcafdbdbe42f150
parent3f9f0252130e7dd60d41be0802bf58f6471c691d [diff]
virt: vmgenid: remap memory as decrypted

It was found that AWS SEV-SNP enabled instances are not able to boot with
commit 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as
encrypted by default") applied and the reason seems to be the vmgenid
device which requires unencrypted writeable memory.

A similar problem was previously fixed in DRM with commit
7dfede7d7edd ("drm/vmwgfx: Fix guests running with TDX/SEV").

Note, trusting vmgenid device in a Confidential VM is questionable: the
malicious host may intentionally avoid notifying the guest when a copy is
created.

Fixes: 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: stable@vger.kernel.org # 6.15+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
1 file changed
tree: 65a9ef062fdcab046fa9d4624fcafdbdbe42f150
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .clippy.toml
  27. .cocciconfig
  28. .editorconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .pylintrc
  34. .rustfmt.toml
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README