| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230830000633.3158416-7-seanjc@google.com>
Date: Tue, 29 Aug 2023 17:06:32 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: SVM changes for 6.6
Please pull SVM changes for 6.6. The highlight is the addition of support for
enabling DebugSwap for SEV-ES (and later) guests, i.e. to allow SEV-ES guests
to utilize hardware breakpoints.
The SEV and SEV-ES fixes from me are a bit late to the party, but they've gotten
as much testing from -next as their going to get.
As mentioned in the "misc" pull request, there's a rather annoying conflict
between the LBR virtualization cleanups and the guest_can_use() framework.
The following changes since commit fdf0eaf11452d72945af31804e2a1048ee1b574c:
Linux 6.5-rc2 (2023-07-16 15:10:37 -0700)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.6
for you to fetch changes up to 80d0f521d59e08eeaa0bc5d624da139448fb99b8:
KVM: SVM: Require nrips support for SEV guests (and beyond) (2023-08-25 09:00:40 -0700)
----------------------------------------------------------------
KVM: x86: SVM changes for 6.6:
- Add support for SEV-ES DebugSwap, i.e. allow SEV-ES guests to use debug
registers and generate/handle #DBs
- Clean up LBR virtualization code
- Fix a bug where KVM fails to set the target pCPU during an IRTE update
- Fix fatal bugs in SEV-ES intrahost migration
- Fix a bug where the recent (architecturally correct) change to reinject
#BP and skip INT3 broke SEV guests (can't decode INT3 to skip it)
----------------------------------------------------------------
Alexey Kardashevskiy (6):
KVM: SEV: move set_dr_intercepts/clr_dr_intercepts from the header
KVM: SEV: Move SEV's GP_VECTOR intercept setup to SEV
KVM: SEV-ES: explicitly disable debug
KVM: SVM/SEV/SEV-ES: Rework intercepts
KVM: SEV: Enable data breakpoints in SEV-ES
KVM: SEV-ES: Eliminate #DB intercept when DebugSwap enabled
Manali Shukla (1):
KVM: SVM: correct the size of spec_ctrl field in VMCB save area
Sean Christopherson (12):
KVM: SVM: Rewrite sev_es_prepare_switch_to_guest()'s comment about swap types
KVM: SVM: Don't defer NMI unblocking until next exit for SEV-ES guests
KVM: SVM: Don't try to pointlessly single-step SEV-ES guests for NMI window
KVM: SVM: Fix dead KVM_BUG() code in LBR MSR virtualization
KVM: SVM: Clean up handling of LBR virtualization enabled
KVM: SVM: Use svm_get_lbr_vmcb() helper to handle writes to DEBUGCTL
KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
KVM: SVM: Require nrips support for SEV guests (and beyond)
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/svm.h | 5 +-
arch/x86/kvm/svm/avic.c | 59 ++++++++--
arch/x86/kvm/svm/sev.c | 100 ++++++++++++++---
arch/x86/kvm/svm/svm.c | 179 +++++++++++++++++++------------
arch/x86/kvm/svm/svm.h | 43 +-------
tools/arch/x86/include/asm/cpufeatures.h | 1 +
7 files changed, 252 insertions(+), 136 deletions(-)
Powered by blists - more mailing lists