| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240227192451.3792233-1-seanjc@google.com>
Date: Tue, 27 Feb 2024 11:24:51 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: SVM changes for 6.9
Please pull a single series that allows KVM to play nice with systems that have
all ASIDs binned to SEV-ES+ guests, which makes SEV unusuable despite being
enabled.
This is the main source of conflicts between kvm/next and your "allow
customizing VMSA features". guest_memfd_fixes also has a minor conflict in
kvm_is_vm_type_supported(), but you should already have that pull request for
6.8[1].
There is one more trivial conflict in my "misc" branch, in
kvm_vcpu_ioctl_x86_set_debugregs(), but I am going to hold off one sending a
pull request for that branch until next week. The main reason is because I
screwed up and forgot to push a pile of commits from my local tree to kvm-x86,
and sending a pull request for ~3 commits, and then another for the remaining
16 or so commits seemed rather silly. The other reason is that I am hoping we
can avoid that conflict entirely, by adding a common choke point in
kvm_arch_vcpu_ioctl()[2].
[1] https://lore.kernel.org/all/20240223211547.3348606-1-seanjc@google.com
[2] https://lore.kernel.org/all/ZdjL783FazB6V6Cy@google.com
The following changes since commit 41bccc98fb7931d63d03f326a746ac4d429c1dd3:
Linux 6.8-rc2 (2024-01-28 17:01:12 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.9
for you to fetch changes up to fdd58834d132046149699b88a27a0db26829f4fb:
KVM: SVM: Return -EINVAL instead of -EBUSY on attempt to re-init SEV/SEV-ES (2024-02-06 11:10:12 -0800)
----------------------------------------------------------------
KVM SVM changes for 6.9:
- Add support for systems that are configured with SEV and SEV-ES+ enabled,
but have all ASIDs assigned to SEV-ES+ guests, which effectively makes SEV
unusuable. Cleanup ASID handling to make supporting this scenario less
brittle/ugly.
- Return -EINVAL instead of -EBUSY if userspace attempts to invoke
KVM_SEV{,ES}_INIT on an SEV+ guest. The operation is simply invalid, and
not related to resource contention in any way.
----------------------------------------------------------------
Ashish Kalra (1):
KVM: SVM: Add support for allowing zero SEV ASIDs
Sean Christopherson (3):
KVM: SVM: Set sev->asid in sev_asid_new() instead of overloading the return
KVM: SVM: Use unsigned integers when dealing with ASIDs
KVM: SVM: Return -EINVAL instead of -EBUSY on attempt to re-init SEV/SEV-ES
arch/x86/kvm/svm/sev.c | 58 +++++++++++++++++++++++++++++---------------------
arch/x86/kvm/trace.h | 10 ++++-----
2 files changed, 39 insertions(+), 29 deletions(-)
Powered by blists - more mailing lists