Message-ID: <CABgObfZxeqfNB4tETpH4PqPTnTi0C4pGmCST73a5cTdRWLO9Yw@mail.gmail.com>
Date: Sun, 12 May 2024 09:14:22 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Michael Roth <michael.roth@....com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>, linux-coco@...ts.linux.dev, jroedel@...e.de,
thomas.lendacky@....com, vkuznets@...hat.com, pgonda@...gle.com,
rientjes@...gle.com, tobin@....com, bp@...en8.de, vbabka@...e.cz,
alpergun@...gle.com, ashish.kalra@....com, nikunj.dadhania@....com,
pankaj.gupta@....com, liam.merwick@...cle.com, papaluri@....com
Subject: Re: [PULL 00/19] KVM: Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

On Fri, May 10, 2024 at 11:17 PM Michael Roth <michael.roth@....com> wrote:
>
> Hi Paolo,
>
> This pull request contains v15 of the KVM SNP support patchset[1] along
> with fixes and feedback from you and Sean regarding PSC request processing,
> fast_page_fault() handling for SNP/TDX, and avoiding unnecessary
> PSMASH/zapping for KVM_EXIT_MEMORY_FAULT events. It's also been rebased
> on top of kvm/queue (commit 1451476151e0), and re-tested with/without
> 2MB gmem pages enabled.

Pulled into kvm-coco-queue, thanks (and sorry for the sev_complete_psc
mess up - it seemed too good to be true that the PSC changes were all
fine...).

Paolo

> Thanks!
>
> -Mike
>
> [1] https://lore.kernel.org/kvm/20240501085210.2213060-1-michael.roth@amdcom/
>
> The following changes since commit 1451476151e08e1e83ff07ce69dd0d1d025e976e:
>
> Merge commit 'kvm-coco-hooks' into HEAD (2024-05-10 13:20:42 -0400)
>
> are available in the Git repository at:
>
> https://github.com/mdroth/linux.git tags/tags/kvm-queue-snp
>
> for you to fetch changes up to 4b3f0135f759bb1a54bb28d644c38a7780150eda:
>
> crypto: ccp: Add the SNP_VLEK_LOAD command (2024-05-10 14:44:31 -0500)
>
> ----------------------------------------------------------------
> Base x86 KVM support for running SEV-SNP guests:
>
> - add some basic infrastructure and introduce a new KVM_X86_SNP_VM
> vm_type to handle differences versus the existing KVM_X86_SEV_VM and
> KVM_X86_SEV_ES_VM types.
>
> - implement the KVM API to handle the creation of a cryptographic
> launch context, encrypt/measure the initial image into guest memory,
> and finalize it before launching it.
>
> - implement handling for various guest-generated events such as page
> state changes, onlining of additional vCPUs, etc.
>
> - implement the gmem/mmu hooks needed to prepare gmem-allocated pages
> before mapping them into guest private memory ranges as well as
> cleaning them up prior to returning them to the host for use as
> normal memory. Because those cleanup hooks supplant certain
> activities like issuing WBINVDs during KVM MMU invalidations, avoid
> duplicating that work to avoid unnecessary overhead.
>
> - add support for the servicing of guest requests to handle things like
> attestation, as well as some related host-management interfaces to
> handle updating firmware's signing key for attestation requests
>
> ----------------------------------------------------------------
> Ashish Kalra (1):
> KVM: SEV: Avoid WBINVD for HVA-based MMU notifications for SNP
>
> Brijesh Singh (8):
> KVM: SEV: Add initial SEV-SNP support
> KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command
> KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command
> KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command
> KVM: SEV: Add support to handle GHCB GPA register VMGEXIT
> KVM: SEV: Add support to handle RMP nested page faults
> KVM: SVM: Add module parameter to enable SEV-SNP
> KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
>
> Michael Roth (9):
> KVM: MMU: Disable fast path if KVM_EXIT_MEMORY_FAULT is needed
> KVM: SEV: Select KVM_GENERIC_PRIVATE_MEM when CONFIG_KVM_AMD_SEV=y
> KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT
> KVM: SEV: Add support to handle Page State Change VMGEXIT
> KVM: SEV: Implement gmem hook for initializing private pages
> KVM: SEV: Implement gmem hook for invalidating private pages
> KVM: x86: Implement hook for determining max NPT mapping level
> KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
> crypto: ccp: Add the SNP_VLEK_LOAD command
>
> Tom Lendacky (1):
> KVM: SEV: Support SEV-SNP AP Creation NAE event
>
> Documentation/virt/coco/sev-guest.rst | 19 +
> Documentation/virt/kvm/api.rst | 87 ++
> .../virt/kvm/x86/amd-memory-encryption.rst | 110 +-
> arch/x86/include/asm/kvm_host.h | 2 +
> arch/x86/include/asm/sev-common.h | 25 +
> arch/x86/include/asm/sev.h | 3 +
> arch/x86/include/asm/svm.h | 9 +-
> arch/x86/include/uapi/asm/kvm.h | 48 +
> arch/x86/kvm/Kconfig | 3 +
> arch/x86/kvm/mmu.h | 2 -
> arch/x86/kvm/mmu/mmu.c | 25 +-
> arch/x86/kvm/svm/sev.c | 1546 +++++++++++++++++++-
> arch/x86/kvm/svm/svm.c | 37 +-
> arch/x86/kvm/svm/svm.h | 52 +
> arch/x86/kvm/trace.h | 31 +
> arch/x86/kvm/x86.c | 17 +
> drivers/crypto/ccp/sev-dev.c | 36 +
> include/linux/psp-sev.h | 4 +-
> include/uapi/linux/kvm.h | 23 +
> include/uapi/linux/psp-sev.h | 27 +
> include/uapi/linux/sev-guest.h | 9 +
> virt/kvm/guest_memfd.c | 4 +-
> 22 files changed, 2086 insertions(+), 33 deletions(-)
>