Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.
From: Paolo Bonzini
Date: Wed Sep 23 2020 - 13:27:48 EST
On 23/09/20 19:26, Sean Christopherson wrote:
> * Flush before LAUNCH_UPDATE encrypts pages in place, in case the cache
> * contains the data that was written unencrypted.
> sev_clflush_pages(inpages, npages);
> there's nothing in the comment or code that even suggests sev_clflush_pages() is
> conditional, i.e. no reason for the reader to peek at the implementation.
> What about:
> * Flush (on non-coherent CPUs) before LAUNCH_UPDATE encrypts pages in
> * place, the cache may contain data that was written unencrypted.