1. Patchew
  2. linux
  3. View series

[PATCH] vmgenid: Remap memory as decrypted

Vitaly Kuznetsov posted 1 patch 1 month, 2 weeks ago 
drivers/virt/vmgenid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH] vmgenid: Remap memory as decrypted
Posted by Vitaly Kuznetsov 1 month, 2 weeks ago 
It was found that AWS SEV-SNP enabled instances are not able to boot with
commit 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as
encrypted by default") applied and the reason seems to be the vmgenid
device which requires unencrypted writeable memory.

A similar problem was previously fixed in DRM with commit
7dfede7d7edd ("drm/vmwgfx: Fix guests running with TDX/SEV").

Note, trusting vmgenid device in a Confidential VM is questionable: the
malicious host may intentionally avoid notifying the guest when a copy is
created.

Fixes: 81256a50aa0f ("x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 drivers/virt/vmgenid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/virt/vmgenid.c b/drivers/virt/vmgenid.c
index 66135eac3abf..2cf0096aa217 100644
--- a/drivers/virt/vmgenid.c
+++ b/drivers/virt/vmgenid.c
@@ -75,7 +75,8 @@ static int vmgenid_add_acpi(struct device *dev, struct vmgenid_state *state)
 	phys_addr = (obj->package.elements[0].integer.value << 0) |
 		    (obj->package.elements[1].integer.value << 32);
 
-	virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB);
+	virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE,
+				  MEMREMAP_WB | MEMREMAP_DEC);
 	if (IS_ERR(virt_addr)) {
 		ret = PTR_ERR(virt_addr);
 		goto out;
-- 
2.52.0
Re: [PATCH] vmgenid: Remap memory as decrypted
Posted by Jason A. Donenfeld 1 month, 2 weeks ago 
Hi Vitaly,

On Mon, Dec 22, 2025 at 3:46 PM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
> -       virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB);
> +       virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE,
> +                                 MEMREMAP_WB | MEMREMAP_DEC);

Thanks for this patch. I still need to do a bit of my own testing with
it, but I've preliminarily applied it to the random.git tree:
https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=9476583268980ce64ed75f124768fe3bff6fff4c

Should this patch CC stable@, by the way?

Regards,
Jason
Re: [PATCH] vmgenid: Remap memory as decrypted
Posted by Vitaly Kuznetsov 1 month, 2 weeks ago 
"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> Hi Vitaly,
>
> On Mon, Dec 22, 2025 at 3:46 PM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>> -       virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB);
>> +       virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE,
>> +                                 MEMREMAP_WB | MEMREMAP_DEC);
>
> Thanks for this patch. I still need to do a bit of my own testing with
> it, but I've preliminarily applied it to the random.git tree:
> https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=9476583268980ce64ed75f124768fe3bff6fff4c
>
> Should this patch CC stable@, by the way?
>

I'm not sure how common the configuration (SEV-SNP/(TDX?) + vmgenid) is
but I guess AWS SEV-SNP config is significant enough to justify stable@
as all kernels 6.15+ don't boot there at all.

-- 
Vitaly
Re: [PATCH] vmgenid: Remap memory as decrypted
Posted by Jason A. Donenfeld 1 month, 2 weeks ago 
On Mon, Dec 22, 2025 at 4:18 PM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
> I'm not sure how common the configuration (SEV-SNP/(TDX?) + vmgenid) is
> but I guess AWS SEV-SNP config is significant enough to justify stable@
> as all kernels 6.15+ don't boot there at all.

Okay, will add:

Cc: stable@vger.kernel.org # 6.15+

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.