lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230830000633.3158416-7-seanjc@google.com>
Date:   Tue, 29 Aug 2023 17:06:32 -0700
From:   Sean Christopherson <seanjc@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: SVM changes for 6.6

Please pull SVM changes for 6.6.  The highlight is the addition of support for
enabling DebugSwap for SEV-ES (and later) guests, i.e. to allow SEV-ES guests
to utilize hardware breakpoints.

The SEV and SEV-ES fixes from me are a bit late to the party, but they've gotten
as much testing from -next as their going to get.

As mentioned in the "misc" pull request, there's a rather annoying conflict
between the LBR virtualization cleanups and the guest_can_use() framework.

The following changes since commit fdf0eaf11452d72945af31804e2a1048ee1b574c:

  Linux 6.5-rc2 (2023-07-16 15:10:37 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.6

for you to fetch changes up to 80d0f521d59e08eeaa0bc5d624da139448fb99b8:

  KVM: SVM: Require nrips support for SEV guests (and beyond) (2023-08-25 09:00:40 -0700)

----------------------------------------------------------------
KVM: x86: SVM changes for 6.6:

 - Add support for SEV-ES DebugSwap, i.e. allow SEV-ES guests to use debug
   registers and generate/handle #DBs

 - Clean up LBR virtualization code

 - Fix a bug where KVM fails to set the target pCPU during an IRTE update

 - Fix fatal bugs in SEV-ES intrahost migration

 - Fix a bug where the recent (architecturally correct) change to reinject
   #BP and skip INT3 broke SEV guests (can't decode INT3 to skip it)

----------------------------------------------------------------
Alexey Kardashevskiy (6):
      KVM: SEV: move set_dr_intercepts/clr_dr_intercepts from the header
      KVM: SEV: Move SEV's GP_VECTOR intercept setup to SEV
      KVM: SEV-ES: explicitly disable debug
      KVM: SVM/SEV/SEV-ES: Rework intercepts
      KVM: SEV: Enable data breakpoints in SEV-ES
      KVM: SEV-ES: Eliminate #DB intercept when DebugSwap enabled

Manali Shukla (1):
      KVM: SVM: correct the size of spec_ctrl field in VMCB save area

Sean Christopherson (12):
      KVM: SVM: Rewrite sev_es_prepare_switch_to_guest()'s comment about swap types
      KVM: SVM: Don't defer NMI unblocking until next exit for SEV-ES guests
      KVM: SVM: Don't try to pointlessly single-step SEV-ES guests for NMI window
      KVM: SVM: Fix dead KVM_BUG() code in LBR MSR virtualization
      KVM: SVM: Clean up handling of LBR virtualization enabled
      KVM: SVM: Use svm_get_lbr_vmcb() helper to handle writes to DEBUGCTL
      KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
      KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
      KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
      KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
      KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
      KVM: SVM: Require nrips support for SEV guests (and beyond)

 arch/x86/include/asm/cpufeatures.h       |   1 +
 arch/x86/include/asm/svm.h               |   5 +-
 arch/x86/kvm/svm/avic.c                  |  59 ++++++++--
 arch/x86/kvm/svm/sev.c                   | 100 ++++++++++++++---
 arch/x86/kvm/svm/svm.c                   | 179 +++++++++++++++++++------------
 arch/x86/kvm/svm/svm.h                   |  43 +-------
 tools/arch/x86/include/asm/cpufeatures.h |   1 +
 7 files changed, 252 insertions(+), 136 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ