lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Jan 2021 16:47:01 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Paolo Bonzini <pbonzini@...hat.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org> Cc: Sean Christopherson <seanjc@...gle.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Wanpeng Li <wanpengli@...cent.com>, Jim Mattson <jmattson@...gle.com>, Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, Tom Lendacky <thomas.lendacky@....com>, Borislav Petkov <bp@...e.de>, Brijesh Singh <brijesh.singh@....com> Subject: [PATCH 00/13] KVM: SVM: Misc SEV cleanups Minor bug fixes and refactorings of SEV related code, mainly to clean up the KVM code for tracking whether or not SEV and SEV-ES are enabled. E.g. KVM has both sev_es and svm_sev_enabled(), and a global 'sev' flag while also using 'sev' as a local variable in several places. Based on kvm/master, commit 872f36eb0b0f ("KVM: x86: __kvm_vcpu_halt can be static"). Not super well tested, but AFAICT the feature detection is working as expected. Boris, this obviously touches on the KVM vs. kernel _cpu_has() stuff as well. My thought is that we can judge the SME/SEV features solely on whether or the kernel wants to dedicated a word for 'em, and hash out what to do with KVM at large in the SGX thread. Sean Christopherson (13): KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails KVM: SVM: Zero out the VMCB array used to track SEV ASID association KVM: SVM: Move SEV module params/variables to sev.c x86/cpufeatures: Assign dedicated feature word for AMD mem encryption KVM: x86: Override reported SME/SEV feature flags with host mask x86/sev: Rename global "sev_enabled" flag to "sev_guest" KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control variables KVM: SVM: Unconditionally invoke sev_hardware_teardown() KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup() KVM: SVM: Move SEV VMCB tracking allocation to sev.c KVM: SVM: Drop redundant svm_sev_enabled() helper KVM: SVM: Remove an unnecessary prototype declaration of sev_flush_asids() KVM: SVM: Skip SEV cache flush if no ASIDs have been used arch/x86/include/asm/cpufeature.h | 7 +- arch/x86/include/asm/cpufeatures.h | 17 +++-- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 2 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/kernel/cpu/common.c | 3 + arch/x86/kernel/cpu/scattered.c | 5 -- arch/x86/kvm/cpuid.c | 2 + arch/x86/kvm/cpuid.h | 1 + arch/x86/kvm/svm/sev.c | 64 +++++++++++++------ arch/x86/kvm/svm/svm.c | 35 +++------- arch/x86/kvm/svm/svm.h | 8 +-- arch/x86/mm/mem_encrypt.c | 4 +- arch/x86/mm/mem_encrypt_identity.c | 2 +- .../arch/x86/include/asm/disabled-features.h | 3 +- .../arch/x86/include/asm/required-features.h | 3 +- 16 files changed, 88 insertions(+), 74 deletions(-) -- 2.30.0.284.gd98b1dd5eaa7-goog
Powered by blists - more mailing lists