Re: [PATCH] x86/sev: Remove bogus virtual address check
From: Borislav Petkov
Date: Tue Mar 31 2026 - 09:20:22 EST
On Fri, Oct 10, 2025 at 05:10:37PM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>
> The AES-GCM crypto library operates strictly on virtual addresses, and
> never performs any H/W offload, and so calling virt_addr_valid() is not
> needed.
>
> Cc: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> arch/x86/coco/sev/core.c | 9 ---------
> 1 file changed, 9 deletions(-)
>
> diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
> index 9ae3b11754e6..c4e2de3687a9 100644
> --- a/arch/x86/coco/sev/core.c
> +++ b/arch/x86/coco/sev/core.c
> @@ -2249,15 +2249,6 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req
> u64 seqno;
> int rc;
>
> - /*
> - * enc_payload() calls aesgcm_encrypt(), which can potentially offload to HW.
> - * The offload's DMA SG list of data to encrypt has to be in linear mapping.
> - */
> - if (!virt_addr_valid(req->req_buf) || !virt_addr_valid(req->resp_buf)) {
> - pr_warn("AES-GSM buffers must be in linear mapping");
> - return -EINVAL;
> - }
> -
> guard(mutex)(&snp_cmd_mutex);
>
> /* Check if the VMPCK is not empty */
> --
This came from:
7ffeb2fc2670 ("x86/sev: Document requirement for linear mapping of guest request buffers")
and there was some speculation about the potential of using a crypto
accelerator which wants addresses in linear mapping...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette