| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Mar 2021 17:58:51 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Cc: Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Borislav Petkov <bp@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
Brijesh Singh <brijesh.singh@....com>
Subject: [PATCH v4 00/14] KVM: SVM: Misc SEV cleanups
Minor bug fixes and refactorings of SEV related code, mainly to clean up
the KVM code for tracking whether or not SEV and SEV-ES are enabled. E.g.
KVM has both sev_es and svm_sev_enabled(), and a global 'sev' flag while
also using 'sev' as a local variable in several places.
Based kvm/master, v5.12-rc1-dontuse.
v4:
- Reinstate the patch to override CPUID.0x8000_001F.
- Properly configure the CPUID.0x8000_001F override. [Paolo]
- Rebase to v5.12-rc1-dontuse.
v3:
- Drop two patches: add a dedicated feature word for CPUID_0x8000001F,
and use the new word to mask host CPUID in KVM. I'll send these as a
separate mini-series so that Boris can take them through tip.
- Add a patch to remove dependency on
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT. [Boris / Paolo]
- Use kcalloc() instead of an open-coded equivalent. [Tom]
- Nullify sev_asid_bitmap when freeing it during setup. [Tom]
- Add a comment in sev_hardware_teardown() to document why it's safe to
query the ASID bitmap without taking the lock. [Tom]
- Collect reviews. [Tom and Brijesh]
v2:
- Remove the kernel's sev_enabled instead of renaming it to sev_guest.
- Fix various build issues. [Tom]
- Remove stable tag from the patch to free sev_asid_bitmap. Keeping the
bitmap on failure is truly only a leak once svm_sev_enabled() is
dropped later in the series. It's still arguably a fix since KVM will
unnecessarily keep memory, but it's not stable material. [Tom]
- Collect one Ack. [Tom]
v1:
- https://lkml.kernel.org/r/20210109004714.1341275-1-seanjc@google.com
Sean Christopherson (14):
KVM: SVM: Zero out the VMCB array used to track SEV ASID association
KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails
KVM: SVM: Move SEV module params/variables to sev.c
KVM: x86: Do not advertise SME, VM_PAGE_FLUSH, or unknown features
x86/sev: Drop redundant and potentially misleading 'sev_enabled'
KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control
variables
KVM: SVM: Condition sev_enabled and sev_es_enabled on
CONFIG_KVM_AMD_SEV=y
KVM: SVM: Enable SEV/SEV-ES functionality by default (when supported)
KVM: SVM: Unconditionally invoke sev_hardware_teardown()
KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup()
KVM: SVM: Move SEV VMCB tracking allocation to sev.c
KVM: SVM: Drop redundant svm_sev_enabled() helper
KVM: SVM: Remove an unnecessary prototype declaration of
sev_flush_asids()
KVM: SVM: Skip SEV cache flush if no ASIDs have been used
arch/x86/include/asm/mem_encrypt.h | 1 -
arch/x86/kvm/cpuid.c | 6 +++
arch/x86/kvm/cpuid.h | 1 +
arch/x86/kvm/svm/sev.c | 72 +++++++++++++++++++++---------
arch/x86/kvm/svm/svm.c | 35 +++++----------
arch/x86/kvm/svm/svm.h | 8 +---
arch/x86/mm/mem_encrypt.c | 12 +++--
arch/x86/mm/mem_encrypt_identity.c | 1 -
8 files changed, 74 insertions(+), 62 deletions(-)
--
2.30.1.766.gb4fecdf3b7-goog
Powered by blists - more mailing lists