| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Jan 2021 16:47:01 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Cc: Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>,
Borislav Petkov <bp@...e.de>,
Brijesh Singh <brijesh.singh@....com>
Subject: [PATCH 00/13] KVM: SVM: Misc SEV cleanups
Minor bug fixes and refactorings of SEV related code, mainly to clean up
the KVM code for tracking whether or not SEV and SEV-ES are enabled. E.g.
KVM has both sev_es and svm_sev_enabled(), and a global 'sev' flag while
also using 'sev' as a local variable in several places.
Based on kvm/master, commit 872f36eb0b0f ("KVM: x86: __kvm_vcpu_halt can
be static").
Not super well tested, but AFAICT the feature detection is working as
expected.
Boris, this obviously touches on the KVM vs. kernel _cpu_has() stuff as
well. My thought is that we can judge the SME/SEV features solely on
whether or the kernel wants to dedicated a word for 'em, and hash out what
to do with KVM at large in the SGX thread.
Sean Christopherson (13):
KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails
KVM: SVM: Zero out the VMCB array used to track SEV ASID association
KVM: SVM: Move SEV module params/variables to sev.c
x86/cpufeatures: Assign dedicated feature word for AMD mem encryption
KVM: x86: Override reported SME/SEV feature flags with host mask
x86/sev: Rename global "sev_enabled" flag to "sev_guest"
KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control
variables
KVM: SVM: Unconditionally invoke sev_hardware_teardown()
KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup()
KVM: SVM: Move SEV VMCB tracking allocation to sev.c
KVM: SVM: Drop redundant svm_sev_enabled() helper
KVM: SVM: Remove an unnecessary prototype declaration of
sev_flush_asids()
KVM: SVM: Skip SEV cache flush if no ASIDs have been used
arch/x86/include/asm/cpufeature.h | 7 +-
arch/x86/include/asm/cpufeatures.h | 17 +++--
arch/x86/include/asm/disabled-features.h | 3 +-
arch/x86/include/asm/mem_encrypt.h | 2 +-
arch/x86/include/asm/required-features.h | 3 +-
arch/x86/kernel/cpu/common.c | 3 +
arch/x86/kernel/cpu/scattered.c | 5 --
arch/x86/kvm/cpuid.c | 2 +
arch/x86/kvm/cpuid.h | 1 +
arch/x86/kvm/svm/sev.c | 64 +++++++++++++------
arch/x86/kvm/svm/svm.c | 35 +++-------
arch/x86/kvm/svm/svm.h | 8 +--
arch/x86/mm/mem_encrypt.c | 4 +-
arch/x86/mm/mem_encrypt_identity.c | 2 +-
.../arch/x86/include/asm/disabled-features.h | 3 +-
.../arch/x86/include/asm/required-features.h | 3 +-
16 files changed, 88 insertions(+), 74 deletions(-)
--
2.30.0.284.gd98b1dd5eaa7-goog
Powered by blists - more mailing lists