| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240223104009.632194-7-pbonzini@redhat.com> Date: Fri, 23 Feb 2024 05:40:04 -0500 From: Paolo Bonzini <pbonzini@...hat.com> To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org Cc: seanjc@...gle.com, michael.roth@....com, aik@....com Subject: [PATCH v2 06/11] KVM: SEV: disable DEBUG_SWAP by default Disable all VMSA features in KVM_SEV_INIT and KVM_SEV_ES_INIT. They are not actually supported by SEV (a SEV guest does not have a VMSA to which you can apply features) and they cause unexpected changes in measurement for SEV-ES. Going on, the way to enable them will be to use a new initialization ioctl that takes the VMSA features as a parameter. Signed-off-by: Paolo Bonzini <pbonzini@...hat.com> --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b0e97f9617e3..06e03a6fe7e4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -267,7 +267,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) sev->active = true; sev->es_active = argp->id == KVM_SEV_ES_INIT; - sev->vmsa_features = sev_supported_vmsa_features; + sev->vmsa_features = 0; asid = sev_asid_new(sev); if (asid < 0) -- 2.39.1
Powered by blists - more mailing lists